Vulnerabilities (CVE)

Filtered by vendor Mapbox Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38216 1 Mapbox 1 Maps Software Development Kit 2024-02-04 N/A 7.5 HIGH
An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating a new Image and allows for out of bounds writes, potentially crashing the Mapbox process.
CVE-2016-10695 1 Mapbox 1 Npm-test-sqlite3-trunk 2024-02-04 9.3 HIGH 8.1 HIGH
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVE-2017-1000043 1 Mapbox 1 Mapbox.js 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control