4 matches found
CVE-2022-23631
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
CVE-2022-23631
creationtimestamp| type| source ---|---|--- 2022-02-10 00:13:15+00:00| seen| https://t.me/cibsecurity/37126 2022-07-14 13:07:20+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6398 2022-07-16 23:53:49+00:00| published-proof-of-concept| https://t.me/MrVGunz/333 2024-01-09...
0pflow (>=0.1.0 <=0.1.0-dev.f5622ac), 128981semzub (=1.0.1) +755 more potentially affected by CVE-2022-23631 via superjson (>=0.0.5 <=1.8.0)
superjson NPM version =0.0.5, =0.1.0, =1.0.0, =1.4.40, =4.0.61, =4.0.61, =0.4.0, =0.0.1, =0.0.1, =5.10.2-alpha.1, =5.10.2-alpha.2, =1.0.0, =2.0.0-alpha.7, =2.8.0, =3.0.0-beta.15 and more Source cves: CVE-2022-23631 Source advisory: OSV:GHSA-5888-FFCR-R425...
CVE-2022-23631
CVE-2022-23631 affects the superjson library used to serialize JavaScript expressions to a superset of JSON. The vulnerability exists in versions prior to 1.8.1 and enables prototype pollution that can lead to arbitrary code execution on servers processing untrusted superjson input via any endpoi...