Lucene search
K

49 matches found

CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

flatted 安全漏洞

Flatted is a lightweight and fast cycle-based JSON parser developed by Andrea Giammarchi. Versions of Flatted prior to 3.4.2 contained a security vulnerability. This vulnerability stemmed from the parse function not verifying whether the string values controlled by the attacker were actually...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/03/19 5:43 p.m.8 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-33228 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-33228 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15700434...

9.8CVSS6AI score0.00808EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/19 5:43 p.m.5 views

@ahmttyydn/pre-post-request-scripts (>=1.0.0 <=1.0.9), @alfresco/adf-testing (=6.0.0-A.2-8258) +363 more potentially affected by CVE-2026-33228 via flatted (>=3.0.1 <=3.4.1)

flatted NPM version =3.0.1, =1.0.0, =0.0.2, =1.1.0, =1.0.0, =1.0.0, =0.0.10, =0.0.11, =0.0.4, =1.0.0, =0.0.20, =0.0.19, =1.2.2, =1.5.8 and more Source cves: CVE-2026-33228 Source advisory: SNYK:JS-FLATTED-15700433...

9.8CVSS6AI score0.00808EPSS
Exploits1
OSV
OSV
added 2026/03/19 5:43 p.m.8 views

GHSA-RF6F-7FWH-WJGH Prototype Pollution via parse() in NodeJS flatted

--- Summary The parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "\proto\" returns Array.prototype via the...

9.3CVSS6.1AI score0.00808EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/19 5:43 p.m.5 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the prototype chain by supplying a specially crafted string that causes the returned object to reference Array.prototype, allowing subsequent writes to that property...

9.8CVSS6.6AI score0.00808EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/19 5:43 p.m.30 views

Prototype Pollution via parse() in NodeJS flatted

--- Summary The parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "\proto\" returns Array.prototype via the...

9.8CVSS6AI score0.00808EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.8 views

PT-2026-26465

Name of the Vulnerable Software and Affected Versions flatted versions prior to 3.4.2 Description flatted is a circular JSON parser. The parse function does not validate that string values from the parsed JSON used as array index keys are numeric. This allows attacker-controlled strings, such as ...

9.8CVSS5.5AI score0.00808EPSS
Exploits1References24
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/18 3:18 p.m.8 views

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by a stack overflow that crashes the Node.js process (CVE-2026-32141)

Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-32141 DESCRIPTION: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given...

7.5CVSS5.9AI score0.00777EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/13 3:40 p.m.7 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02_add_lodash (=1.0.0) +18519 more potentially affected by CVE-2026-32141 via flatted (>=0.2.3 <=3.3.4)

flatted NPM version =0.2.3, =1.0.1, =1.0.0, =0.1.0, =1.0.1, =0.1.0, =0.1.2, =0.0.2, =0.0.36 - 6o-vsamaru =1.0.0 and more Source cves: CVE-2026-32141 Source advisory: OSV:GHSA-25H7-PFQ9-P65F...

7.5CVSS7.2AI score0.00777EPSS
Exploits1
OSV
OSV
added 2026/03/13 3:40 p.m.2 views

GHSA-25H7-PFQ9-P65F flatted vulnerable to unbounded recursion DoS in parse() revive phase

Summary flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. Impact...

7.5CVSS5.9AI score0.00777EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/13 3:40 p.m.4 views

EUVD-2026-11653

flatted vulnerable to unbounded recursion DoS in parse revive phase...

7.5CVSS5.8AI score0.00777EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/13 3:40 p.m.14 views

flatted vulnerable to unbounded recursion DoS in parse() revive phase

Summary flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. Impact...

7.5CVSS5.9AI score0.00777EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-32141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON...

7.5CVSS7.2AI score0.00777EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/12 11:48 p.m.2 views

CVE-2026-32141

A denial of service flaw has been discovered in the flatted npm library. flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded,...

7.5CVSS5.6AI score0.00777EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/03/12 8:41 p.m.7 views

@ahmttyydn/pre-post-request-scripts (>=1.0.0 <=1.0.9), @alfresco/adf-testing (=6.0.0-A.2-8258) +360 more potentially affected by CVE-2026-32141 via flatted (>=3.0.1 <=3.3.4)

flatted NPM version =3.0.1, =1.0.0, =0.0.2, =1.1.0, =1.0.0, =1.0.0, =0.0.10, =0.0.11, =0.0.4, =1.0.0, =0.0.20, =0.0.19, =1.2.2, =1.5.8 and more Source cves: CVE-2026-32141 Source advisory: SNYK:JS-FLATTED-15518041...

7.5CVSS7.2AI score0.00777EPSS
Exploits1
Snyk
Snyk
added 2026/03/12 8:41 p.m.2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

8.7CVSS5.9AI score0.00777EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 8:41 p.m.11 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

8.7CVSS5.9AI score0.00777EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/12 8:41 p.m.9 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-32141 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-32141 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15518042...

7.5CVSS7.1AI score0.00777EPSS
Exploits1
OSV
OSV
added 2026/03/12 6:16 p.m.2 views

DEBIAN-CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

7.5CVSS7.5AI score0.00777EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.5 views

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

7.5CVSS0.00777EPSS
Exploits1References12
Rows per page
Query Builder