Lucene search
K

14 matches found

OpenVAS
OpenVAS
added 2023/03/23 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-5967-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.0203EPSS
Exploits2References2
Ubuntu
Ubuntu
added 2023/03/22 12:7 a.m.73 views

USN-5967-1: object-path vulnerabilities

It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...

9.8CVSS7.4AI score0.0203EPSS
Exploits2
OpenVAS
OpenVAS
added 2023/01/30 12:0 a.m.17 views

Debian: Security Advisory (DLA-3291-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS8.7AI score0.0203EPSS
Exploits2References4
Debian
Debian
added 2023/01/29 4:18 p.m.30 views

[SECURITY] [DLA 3291-1] node-object-path security update

Debian LTS Advisory DLA-3291-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 29, 2023 https://wiki.debian.org/LTS Package : node-object-path Version : 0.11.4-2+deb10u2 CVE ID : CVE-2021-3805 CVE-2021-23434 It was discovered that node-object-path, a Node.j...

9.8CVSS7.1AI score0.0203EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2021/10/14 10:38 p.m.75 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.9 security, bug, and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.2.9 General Availability release images, which provide security updates, one or more container updates, and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

9.8CVSS6.8AI score0.52838EPSS
Exploits13References11
vulnersOsv
vulnersOsv
added 2021/09/01 6:37 p.m.6 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5580 more potentially affected by CVE-2021-23434 via object-path (>=0.0.1 <=0.11.5)

object-path NPM version =0.0.1, =1.0.1, =8.4.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =0.0.1, =0.0.22 - @0soft/zero-material-ui =0.0.23-alpha.3 and more Source cves: CVE-2021-23434 Source advisory: OSV:GHSA-V39P-96QG-C8RF...

8.6CVSS7.1AI score0.01902EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/08/31 6:49 p.m.55 views

CVE-2021-23434

Prototype pollution has been discovered in object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'...

9.8CVSS2AI score0.01902EPSS
Exploits1References5
Circl
Circl
added 2021/08/27 8:28 p.m.8 views

CVE-2021-23434

creationtimestamp| type| source ---|---|--- 2021-08-27 20:28:18+00:00| seen| https://t.me/cibsecurity/27955...

8.6CVSS7.6AI score0.01902EPSS
Exploits1References1
NVD
NVD
added 2021/08/27 5:15 p.m.17 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

8.6CVSS0.01902EPSS
Exploits1References5
OSV
OSV
added 2021/08/27 5:15 p.m.28 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

8.6CVSS9.3AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2021/08/27 5:15 p.m.54 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

8.6CVSS7.1AI score0.01902EPSS
Exploits1References6
CVE
CVE
added 2021/08/27 4:50 p.m.210 views

CVE-2021-23434

The CVE-2021-23434 entry concerns the Node.js object-path package (versions before 0.11.6) with a type confusion vulnerability that can bypass the CVE-2020-15256 fix when path components are arrays. The condition currentPath === 'proto ' fails for currentPath = ['proto '], enabling potential expl...

8.6CVSS7.2AI score0.01902EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2021/08/27 4:50 p.m.34 views

CVE-2021-23434 Prototype Pollution

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

5.6CVSS9.3AI score0.01902EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2021/08/27 4:50 p.m.37 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

8.6CVSS7.6AI score0.01902EPSS
Exploits1
Rows per page
Query Builder