Vulnerabilities > Umbraengineering

DATE CVE VULNERABILITY TITLE RISK
2018-09-07 CVE-2018-16460 OS Command Injection vulnerability in Umbraengineering PS 0.0.1/0.0.2
A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.
network
low complexity
umbraengineering CWE-78
7.5
2018-07-03 CVE-2018-3751 Improper Input Validation vulnerability in Umbraengineering Merge-Recursive
The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.
network
low complexity
umbraengineering CWE-20
7.5