Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Nic nie znaleziono w bazie WLB2
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2024-10-08
CVE-2024-45277
Updating...
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.
2024-09-17
CVE-2024-45815
Updating...
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend`. All users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-03-15
CVE-2024-2495
Updating...
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.
2024-01-22
CVE-2024-23339
Updating...
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.
2024-01-05
CVE-2023-39296
Updating...
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later
2023-12-12
CVE-2023-26920
Updating...
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.
2023-12-08
CVE-2023-26158
Updating...
All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: js js if (["__proto__", "constructor", "prototype"].includes(name)) continue js // src/mock/handler.js Util.extend = function extend() { var target = arguments[0] || {}, i = 1, length = arguments.length, options, name, src, copy, clone if (length === 1) { target = this i = 0 } for (; i < length; i++) { options = arguments[i] if (!options) continue for (name in options) { if (["__proto__", "constructor", "prototype"].includes(name)) continue src = target[name] copy = options[name] if (target === copy) continue if (copy === undefined) continue if (Util.isArray(copy) || Util.isObject(copy)) { if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : [] if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {} target[name] = Util.extend(clone, copy) } else { target[name] = copy } } } return target }
2023-11-06
CVE-2023-45827
Updating...
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.
2023-07-17
CVE-2023-3186
Updating...
The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.
CVE-2023-3696
Updating...
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.
Copyright
2024
, cxsecurity.com
Back to Top