VYPR

cve-services

by CVEProject

CVEs (3)

  • CVE-2022-31004HigJun 2, 2022
    risk 0.49cvss 7.5epss 0.01

    CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If…

  • CVE-2022-24875MedApr 21, 2022
    risk 0.00cvss 5.3epss 0.01

    The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent…

  • CVE-2021-46561HigJan 26, 2022
    risk 0.00cvss 7.2epss 0.01

    controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context…