14 matches found
Ubuntu: Security Advisory (USN-5967-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5967-1: object-path vulnerabilities
It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...
Debian: Security Advisory (DLA-3291-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3291-1] node-object-path security update
Debian LTS Advisory DLA-3291-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 29, 2023 https://wiki.debian.org/LTS Package : node-object-path Version : 0.11.4-2+deb10u2 CVE ID : CVE-2021-3805 CVE-2021-23434 It was discovered that node-object-path, a Node.j...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.9 security, bug, and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.2.9 General Availability release images, which provide security updates, one or more container updates, and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5580 more potentially affected by CVE-2021-23434 via object-path (>=0.0.1 <=0.11.5)
object-path NPM version =0.0.1, =1.0.1, =8.4.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =0.0.1, =0.0.22 - @0soft/zero-material-ui =0.0.23-alpha.3 and more Source cves: CVE-2021-23434 Source advisory: OSV:GHSA-V39P-96QG-C8RF...
CVE-2021-23434
Prototype pollution has been discovered in object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'...
CVE-2021-23434
creationtimestamp| type| source ---|---|--- 2021-08-27 20:28:18+00:00| seen| https://t.me/cibsecurity/27955...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...
CVE-2021-23434
The CVE-2021-23434 entry concerns the Node.js object-path package (versions before 0.11.6) with a type confusion vulnerability that can bypass the CVE-2020-15256 fix when path components are arrays. The condition currentPath === 'proto ' fails for currentPath = ['proto '], enabling potential expl...
CVE-2021-23434 Prototype Pollution
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...