NodeJS/hellojs/1.9.6
A clientside Javascript library for standardizing requests to OAuth2 web services (and OAuth1 - with a shim)
https://www.npmjs.com/package/hellojs
MIT
2 Security Vulnerabilities
XSS in hello.js
Published date: 2021-01-13T19:07:01Z
CVE: CVE-2020-7741
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7741
- https://github.com/advisories/GHSA-7jh9-6cpf-h4m7
- https://github.com/MrSwitch/hello.js/commit/d6f5137f30de6e0ef7048191ee6ae575fdc2f669
- https://github.com/MrSwitch/hello.js/blob/3b79ec93781b3d7b9c0b56f598e060301d1f3e73/dist/hello.all.js%23L1545
- https://snyk.io/vuln/SNYK-JS-HELLOJS-1014546
This affects the package hello.js before 1.18.6. The code gets the param oauthredirect from the URL and passes it to location.assign without any check or sanitisation. So we can simply pass some XSS payloads into the URL param oauthredirect, such as javascript:alert(1).
Affected versions:
["0.1.5", "0.1.6", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.5", "1.0.0", "1.1.3", "1.3.2", "1.3.7", "1.4.0", "1.4.1", "1.4.2", "1.4.3", "1.5.0", "1.5.1", "1.6.0", "1.7.0", "1.7.3", "1.7.4", "1.7.5", "1.8.2", "1.8.3", "1.8.4", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.9.8", "1.9.9", "1.10.0", "1.10.1", "1.11.0", "1.11.1", "1.11.2", "1.12.0", "1.13.1", "1.13.2", "1.13.3", "1.13.4", "1.13.5", "1.13.6", "1.14.0", "1.14.1", "1.15.0", "1.15.1", "1.16.0", "1.16.1", "1.17.1", "1.18.0", "1.18.1", "1.18.3", "1.18.4"]
Secure versions:
[2.0.0-2, 2.0.0-3, 2.0.0-4, 1.18.8, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.20.0]
Recommendation:
Update to version 2.0.0-4.
MrSwitch hello.js vulnerable to prototype pollution
Published date: 2023-08-11T15:30:46Z
CVE: CVE-2021-26505
A prototype pollution vulnerability in MrSwitch hello.js prior to version 1.18.8 allows remote attackers to execute arbitrary code via the hello.utils.extend function.
Affected versions:
["0.1.5", "0.1.6", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.5", "1.0.0", "1.1.3", "1.3.2", "1.3.7", "1.4.0", "1.4.1", "1.4.2", "1.4.3", "1.5.0", "1.5.1", "1.6.0", "1.7.0", "1.7.3", "1.7.4", "1.7.5", "1.8.2", "1.8.3", "1.8.4", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.9.8", "1.9.9", "1.10.0", "1.10.1", "1.11.0", "1.11.1", "1.11.2", "1.12.0", "1.13.1", "1.13.2", "1.13.3", "1.13.4", "1.13.5", "1.13.6", "1.14.0", "1.14.1", "1.15.0", "1.15.1", "1.16.0", "1.16.1", "1.17.1", "1.18.0", "1.18.1", "1.18.3", "1.18.4", "1.18.6"]
Secure versions:
[2.0.0-2, 2.0.0-3, 2.0.0-4, 1.18.8, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.20.0]
Recommendation:
Update to version 2.0.0-4.
67 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
2.0.0-4 | MIT | | 2017-07-13 - 21:04 | almost 7 years |
2.0.0-3 | MIT | | 2017-07-10 - 21:50 | almost 7 years |
2.0.0-2 | MIT | | 2017-07-05 - 13:43 | almost 7 years |
1.20.0 | MIT | | 2023-01-25 - 21:54 | over 1 year |
1.19.5 | MIT | | 2021-09-19 - 08:38 | over 2 years |
1.19.4 | MIT | | 2021-06-24 - 20:26 | almost 3 years |
1.19.3 | MIT | | 2021-04-13 - 16:49 | about 3 years |
1.19.2 | MIT | | 2021-03-20 - 23:53 | about 3 years |
1.19.1 | MIT | | 2021-03-20 - 23:41 | about 3 years |
1.19.0 | MIT | | 2021-03-20 - 21:57 | about 3 years |
1.18.8 | MIT | | 2021-02-02 - 19:41 | over 3 years |
1.18.6 | MIT | 1 | 2020-10-06 - 13:37 | over 3 years |
1.18.4 | MIT | 2 | 2020-01-09 - 08:41 | over 4 years |
1.18.3 | MIT | 2 | 2020-01-09 - 08:36 | over 4 years |
1.18.1 | MIT | 2 | 2019-02-19 - 12:39 | about 5 years |
1.18.0 | MIT | 2 | 2019-02-14 - 08:39 | about 5 years |
1.17.1 | MIT | 2 | 2018-07-20 - 10:33 | almost 6 years |
1.16.1 | MIT | 2 | 2017-12-02 - 10:40 | over 6 years |
1.16.0 | MIT | 2 | 2017-12-01 - 11:10 | over 6 years |
1.15.1 | MIT | 2 | 2017-06-19 - 22:52 | almost 7 years |
1.15.0 | MIT | 2 | 2017-06-14 - 11:23 | almost 7 years |
1.14.1 | MIT | 2 | 2017-03-07 - 10:58 | about 7 years |
1.14.0 | MIT | 2 | 2016-09-17 - 07:58 | over 7 years |
1.13.6 | MIT | 2 | 2016-09-08 - 22:40 | over 7 years |
1.13.5 | MIT | 2 | 2016-08-31 - 13:24 | over 7 years |
1.13.4 | MIT | 2 | 2016-08-07 - 19:55 | almost 8 years |
1.13.3 | MIT | 2 | 2016-07-09 - 09:35 | almost 8 years |
1.13.2 | MIT | 2 | 2016-07-05 - 08:42 | almost 8 years |
1.13.1 | MIT | 2 | 2016-05-10 - 09:10 | about 8 years |
1.12.0 | MIT | 2 | 2016-02-27 - 23:13 | about 8 years |
1.11.2 | MIT | 2 | 2016-02-27 - 14:18 | about 8 years |
1.11.1 | MIT | 2 | 2016-02-26 - 21:43 | about 8 years |
1.11.0 | MIT | 2 | 2016-02-24 - 22:21 | about 8 years |
1.10.1 | MIT | 2 | 2016-01-14 - 22:05 | over 8 years |
1.10.0 | MIT | 2 | 2016-01-07 - 10:00 | over 8 years |
1.9.9 | MIT | 2 | 2015-12-19 - 00:17 | over 8 years |
1.9.8 | MIT | 2 | 2015-11-11 - 17:21 | over 8 years |
1.9.7 | MIT | 2 | 2015-11-08 - 10:25 | over 8 years |
1.9.6 | MIT | 2 | 2015-10-16 - 19:40 | over 8 years |
1.9.5 | MIT | 2 | 2015-10-15 - 20:14 | over 8 years |
1.9.4 | MIT | 2 | 2015-10-05 - 08:42 | over 8 years |
1.9.3 | MIT | 2 | 2015-10-03 - 14:51 | over 8 years |
1.8.4 | MIT | 2 | 2015-09-18 - 21:43 | over 8 years |
1.8.3 | MIT | 2 | 2015-09-18 - 21:39 | over 8 years |
1.8.2 | MIT | 2 | 2015-08-28 - 17:15 | over 8 years |
1.7.5 | MIT | 2 | 2015-07-09 - 21:14 | almost 9 years |
1.7.4 | MIT | 2 | 2015-07-09 - 15:43 | almost 9 years |
1.7.3 | MIT | 2 | 2015-07-09 - 11:40 | almost 9 years |
1.7.0 | MIT | 2 | 2015-07-02 - 17:10 | almost 9 years |
1.6.0 | MIT | 2 | 2015-05-16 - 08:08 | almost 9 years |
1.5.1 | MIT | 2 | 2015-04-04 - 04:57 | about 9 years |
1.5.0 | MIT | 2 | 2015-02-28 - 04:35 | about 9 years |
1.4.3 | MIT | 2 | 2015-02-13 - 12:48 | about 9 years |
1.4.2 | MIT | 2 | 2015-02-13 - 12:05 | about 9 years |
1.4.1 | MIT | 2 | 2015-01-14 - 16:51 | over 9 years |
1.4.0 | MIT | 2 | 2015-01-07 - 18:31 | over 9 years |
1.3.7 | MIT | 2 | 2014-12-17 - 13:09 | over 9 years |
1.3.2 | MIT | 2 | 2014-12-08 - 07:12 | over 9 years |
1.1.3 | MIT | 2 | 2014-09-19 - 07:55 | over 9 years |
1.0.0 | MIT | 2 | 2014-09-02 - 13:16 | over 9 years |
0.2.5 | MIT | 2 | 2014-05-17 - 14:40 | almost 10 years |
0.2.3 | MIT | 2 | 2014-05-14 - 15:20 | about 10 years |
0.2.2 | MIT | 2 | 2014-05-14 - 15:15 | about 10 years |
0.2.1 | MIT | 2 | 2014-04-07 - 09:42 | about 10 years |
0.2.0 | MIT | 2 | 2014-04-06 - 13:52 | about 10 years |
0.1.6 | MIT | 2 | 2014-04-06 - 11:04 | about 10 years |
0.1.5 | MIT | 2 | 2014-04-06 - 10:07 | about 10 years |