
Vulnerabilities from the last week
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the NuxtLink href when attacker-controlled input is bound to the to or href properties. An attacker can execute arbitrary scripts in the context of the application by supplying a crafted javascript: or data: URL, which is reflected into the rendered markup and executed when a user clicks the link. This also exposes a phishing surface by allowing data URLs to be reflected through the same sink, enabling deceptive links anchored to legitimate application content.
Memory Allocation with Excessive Size Value
kafka-python is a Pure Python client for Apache Kafka
Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the receive_bytes() function in the protocol parser. An attacker can exhaust system memory or cause connections to hang by sending a crafted 4-byte frame length value, which the parser accepts without bounds validation, resulting in either excessive memory allocation or an uncaught exception that disrupts normal operation.
Insertion of Sensitive Information into Log File
Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via INFO-level logging when chaincode is deployed in chaincode-as-a-service mode with TLS enabled. An attacker can obtain sensitive information (TLS private key) by accessing the server logs. If the attacker also acquires the corresponding private key, they may impersonate the server.
Recent vulnerabilities disclosed by Snyk
- H: Command Injection in degit (npm)
- C: Malicious Package in moustick (npm)
- C: Malicious Package in cookie-parser-legacy (npm)
- M: Arbitrary File Write via Archive Extraction (Zip Slip) in decompress (npm)
- H: CSV Injection in json-2-csv (npm)
Snyk security researchers have disclosed 3497 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




