30 matches found
EUVD-2021-1976
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of...
Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory. - The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2021:0485)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0485 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)
Summary: Vulnerabilities in libraries used by libraries in IBM Spectrum Discover allow remote attackers, by means of methods like phishing attacks, brute force attacks or execution of arbitrary code, to obtain sensitive information, cause a denial of service condition, and other problems. Vulnerability...
CVE-2021-23440
A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or...
Prototype Pollution in set-value
This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
GHSA-4JQC-8M5R-9RPR Prototype Pollution in set-value
This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
Prototype Pollution
set-value is vulnerable to prototype pollution. Lack of validation in type of user-provided keys in the path parameter causes a bypass of CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays...
CVE-2019-10747
creationtimestamp | type | source
---|---|---
2021-09-12 16:13:21+00:00 | seen | https://t.me/cibsecurity/28705...
DEBIAN-CVE-2021-23440
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
CVE-2021-23440
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
Type confusion
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
CVE-2021-23440
CVE-2021-23440 is tied to a vulnerability in the Node.js set-value package (prototype pollution/type confusion) that affects versions =3.0.0
CVE-2021-23440 Prototype Pollution
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
set-value security vulnerability
set-value is a module that can set nested values on objects using dot representation. A security vulnerability exists in set-value that stems from a type confusion vulnerability that could lead to a bypass of CVE-2019-10747 when the user-supplied key used in the path parameter is an array...
@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2019-10747 +1 more via set-value (>=3.0.0 <=3.0.2)
set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...
Prototype Pollution
Overview: set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in th...
RLSA-2021:0549 Moderate: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.20.1, nodejs-nodemon 2.0.3. Security Fixes: nodejs-mixin-deep: prototype pollutio...
RHEL 8 : nodejs:12 (RHSA-2021:0549)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0549 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...