valine
npm
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting valine
- CVE-2018-19289 | MEDIUM | CVSS 6.1 | ✓ Fixed in 1.3.4 | 2018-11-15
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
- CVE-2020-28847 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.4.15 | 2022-04-05
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
- CVE-2021-34801 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-06-16
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
- CVE-2022-38545 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 1.5.0 | 2022-09-19
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.