NodeJS/hellojs/1.16.1


A client-side JavaScript library for standardizing requests to OAuth2 web services (and OAuth1, with a shim)

https://www.npmjs.com/package/hellojs
MIT

2 Security Vulnerabilities

XSS in hello.js

Published date: 2021-01-13T19:07:01Z
CVE: CVE-2020-7741

This affects the package hello.js before 1.18.6. The code gets the oauthredirect parameter from the URL and passes it to location.assign without any check or sanitisation, so an XSS payload such as javascript:alert(1) can simply be passed in the oauthredirect URL parameter.

Affected versions: ["0.1.5", "0.1.6", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.5", "1.0.0", "1.1.3", "1.3.2", "1.3.7", "1.4.0", "1.4.1", "1.4.2", "1.4.3", "1.5.0", "1.5.1", "1.6.0", "1.7.0", "1.7.3", "1.7.4", "1.7.5", "1.8.2", "1.8.3", "1.8.4", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.9.8", "1.9.9", "1.10.0", "1.10.1", "1.11.0", "1.11.1", "1.11.2", "1.12.0", "1.13.1", "1.13.2", "1.13.3", "1.13.4", "1.13.5", "1.13.6", "1.14.0", "1.14.1", "1.15.0", "1.15.1", "1.16.0", "1.16.1", "1.17.1", "1.18.0", "1.18.1", "1.18.3", "1.18.4"]
Secure versions: [2.0.0-2, 2.0.0-3, 2.0.0-4, 1.18.8, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.20.0]
Recommendation: Update to version 2.0.0-4.

MrSwitch hello.js vulnerable to prototype pollution

Published date: 2023-08-11T15:30:46Z
CVE: CVE-2021-26505

A prototype pollution vulnerability in MrSwitch hello.js prior to version 1.18.8 allows remote attackers to execute arbitrary code via the hello.utils.extend function.

Affected versions: ["0.1.5", "0.1.6", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.5", "1.0.0", "1.1.3", "1.3.2", "1.3.7", "1.4.0", "1.4.1", "1.4.2", "1.4.3", "1.5.0", "1.5.1", "1.6.0", "1.7.0", "1.7.3", "1.7.4", "1.7.5", "1.8.2", "1.8.3", "1.8.4", "1.9.3", "1.9.4", "1.9.5", "1.9.6", "1.9.7", "1.9.8", "1.9.9", "1.10.0", "1.10.1", "1.11.0", "1.11.1", "1.11.2", "1.12.0", "1.13.1", "1.13.2", "1.13.3", "1.13.4", "1.13.5", "1.13.6", "1.14.0", "1.14.1", "1.15.0", "1.15.1", "1.16.0", "1.16.1", "1.17.1", "1.18.0", "1.18.1", "1.18.3", "1.18.4", "1.18.6"]
Secure versions: [2.0.0-2, 2.0.0-3, 2.0.0-4, 1.18.8, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.20.0]
Recommendation: Update to version 2.0.0-4.

67 Other Versions

Version License Security Released
2.0.0-4 MIT 2017-07-13 - 21:04 over 6 years
2.0.0-3 MIT 2017-07-10 - 21:50 over 6 years
2.0.0-2 MIT 2017-07-05 - 13:43 over 6 years
1.20.0 MIT 2023-01-25 - 21:54 about 1 year
1.19.5 MIT 2021-09-19 - 08:38 over 2 years
1.19.4 MIT 2021-06-24 - 20:26 almost 3 years
1.19.3 MIT 2021-04-13 - 16:49 almost 3 years
1.19.2 MIT 2021-03-20 - 23:53 about 3 years
1.19.1 MIT 2021-03-20 - 23:41 about 3 years
1.19.0 MIT 2021-03-20 - 21:57 about 3 years
1.18.8 MIT 2021-02-02 - 19:41 about 3 years
1.18.6 MIT 1 2020-10-06 - 13:37 over 3 years
1.18.4 MIT 2 2020-01-09 - 08:41 about 4 years
1.18.3 MIT 2 2020-01-09 - 08:36 about 4 years
1.18.1 MIT 2 2019-02-19 - 12:39 about 5 years
1.18.0 MIT 2 2019-02-14 - 08:39 about 5 years
1.17.1 MIT 2 2018-07-20 - 10:33 over 5 years
1.16.1 MIT 2 2017-12-02 - 10:40 over 6 years
1.16.0 MIT 2 2017-12-01 - 11:10 over 6 years
1.15.1 MIT 2 2017-06-19 - 22:52 almost 7 years
1.15.0 MIT 2 2017-06-14 - 11:23 almost 7 years
1.14.1 MIT 2 2017-03-07 - 10:58 about 7 years
1.14.0 MIT 2 2016-09-17 - 07:58 over 7 years
1.13.6 MIT 2 2016-09-08 - 22:40 over 7 years
1.13.5 MIT 2 2016-08-31 - 13:24 over 7 years
1.13.4 MIT 2 2016-08-07 - 19:55 over 7 years
1.13.3 MIT 2 2016-07-09 - 09:35 over 7 years
1.13.2 MIT 2 2016-07-05 - 08:42 over 7 years
1.13.1 MIT 2 2016-05-10 - 09:10 almost 8 years
1.12.0 MIT 2 2016-02-27 - 23:13 about 8 years
1.11.2 MIT 2 2016-02-27 - 14:18 about 8 years
1.11.1 MIT 2 2016-02-26 - 21:43 about 8 years
1.11.0 MIT 2 2016-02-24 - 22:21 about 8 years
1.10.1 MIT 2 2016-01-14 - 22:05 about 8 years
1.10.0 MIT 2 2016-01-07 - 10:00 about 8 years
1.9.9 MIT 2 2015-12-19 - 00:17 over 8 years
1.9.8 MIT 2 2015-11-11 - 17:21 over 8 years
1.9.7 MIT 2 2015-11-08 - 10:25 over 8 years
1.9.6 MIT 2 2015-10-16 - 19:40 over 8 years
1.9.5 MIT 2 2015-10-15 - 20:14 over 8 years
1.9.4 MIT 2 2015-10-05 - 08:42 over 8 years
1.9.3 MIT 2 2015-10-03 - 14:51 over 8 years
1.8.4 MIT 2 2015-09-18 - 21:43 over 8 years
1.8.3 MIT 2 2015-09-18 - 21:39 over 8 years
1.8.2 MIT 2 2015-08-28 - 17:15 over 8 years
1.7.5 MIT 2 2015-07-09 - 21:14 over 8 years
1.7.4 MIT 2 2015-07-09 - 15:43 over 8 years
1.7.3 MIT 2 2015-07-09 - 11:40 over 8 years
1.7.0 MIT 2 2015-07-02 - 17:10 over 8 years
1.6.0 MIT 2 2015-05-16 - 08:08 almost 9 years
1.5.1 MIT 2 2015-04-04 - 04:57 almost 9 years
1.5.0 MIT 2 2015-02-28 - 04:35 about 9 years
1.4.3 MIT 2 2015-02-13 - 12:48 about 9 years
1.4.2 MIT 2 2015-02-13 - 12:05 about 9 years
1.4.1 MIT 2 2015-01-14 - 16:51 about 9 years
1.4.0 MIT 2 2015-01-07 - 18:31 about 9 years
1.3.7 MIT 2 2014-12-17 - 13:09 over 9 years
1.3.2 MIT 2 2014-12-08 - 07:12 over 9 years
1.1.3 MIT 2 2014-09-19 - 07:55 over 9 years
1.0.0 MIT 2 2014-09-02 - 13:16 over 9 years
0.2.5 MIT 2 2014-05-17 - 14:40 almost 10 years
0.2.3 MIT 2 2014-05-14 - 15:20 almost 10 years
0.2.2 MIT 2 2014-05-14 - 15:15 almost 10 years
0.2.1 MIT 2 2014-04-07 - 09:42 almost 10 years
0.2.0 MIT 2 2014-04-06 - 13:52 almost 10 years
0.1.6 MIT 2 2014-04-06 - 11:04 almost 10 years
0.1.5 MIT 2 2014-04-06 - 10:07 almost 10 years