Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-1957

Malware in sbrugna...

9.8CVSS8.1AI score0.0178EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/24 5:15 p.m.42 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: webpack...

9.8CVSS9AI score0.0434EPSS
Exploits9Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.4 views

SUSE CVE-2020-28477

This affects all versions of package immer...

7.5CVSS8.9AI score0.02293EPSS
Exploits1References3
Veracode
Veracode
added 2021/09/03 3:37 a.m.60 views

Prototype Pollution

immer is vulnerable prototype pollution. The vulnerability was introduced by the fix provided for CVE-2020-28477 which allows insecure modification of Object Prototype Attributes...

9.8CVSS3.9AI score0.02293EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/09/02 5:17 p.m.123 views

Prototype Pollution in immer

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

9.8CVSS8.4AI score0.0178EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/09/01 6:15 p.m.45 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

9.8CVSS9.4AI score
Exploits0References3
Prion
Prion
added 2021/09/01 6:15 p.m.31 views

Type confusion

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

7.5CVSS8.3AI score0.02293EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/09/01 5:28 p.m.4 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

9.8CVSS5.5AI score0.02293EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.9 views

Immer 安全漏洞

Immer is a Javascript-based state management library from the Immer community. A security vulnerability exists in versions prior to immer 9.0.6 that stems from when the user-supplied key used in the path parameter is an array, which could lead to a bypass of CVE-2020-28477...

9.8CVSS7.6AI score0.02293EPSS
Exploits2References6
vulnersOsv
vulnersOsv
added 2021/08/12 5:14 p.m.11 views

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38723 more potentially affected by CVE-2020-28477 +1 more via immer (>=7.0.0 <=9.0.5)

immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...

9.8CVSS7.1AI score0.02293EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.69 views

RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, (Moderate) (RHSA-2021:1169)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1169 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...

7.5CVSS7.3AI score0.0367EPSS
Exploits3References41
RedHat Linux
RedHat Linux
added 2021/04/14 4:34 p.m.90 views

Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement

An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS7.3AI score0.0367EPSS
Exploits3References35
Check Point Advisories
Check Point Advisories
added 2021/02/24 12:0 a.m.11 views

Arbitrary Command Injection Over HTTP Traffic (CVE-2020-19165; CVE-2020-24219; CVE-2020-28477; CVE-2021-26747; CVE-2021-27328)

Arbitrary Command Injection Over HTTP Traffic...

10CVSS1.2AI score0.53598EPSS
Exploits10
vulnersOsv
vulnersOsv
added 2021/01/20 9:27 p.m.4 views

0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1067 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)

immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: OSV:GHSA-9QMH-276G-X5PJ...

7.5CVSS7.1AI score0.02293EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/01/20 8:55 a.m.29 views

CVE-2020-28477

This affects all versions of package immer...

7.5CVSS5.2AI score0.02293EPSS
Exploits1References4
OSV
OSV
added 2021/01/19 11:15 a.m.29 views

CVE-2020-28477

This affects all versions of package immer...

7.5CVSS6.6AI score
Exploits0References3
Cvelist
Cvelist
added 2021/01/19 10:20 a.m.21 views

CVE-2020-28477 Prototype Pollution

This affects all versions of package immer...

7.5CVSS6.7AI score0.02293EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2021/01/19 10:20 a.m.23 views

CVE-2020-28477

This affects all versions of package immer...

7.5CVSS9.6AI score0.02293EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2020/10/18 2:20 p.m.4 views

0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1067 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)

immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: SNYK:JS-IMMER-1019369...

7.5CVSS7.1AI score0.02293EPSS
Exploits1
Rows per page
Query Builder