CVE-2021-4279

CVE-2021-4279 refers to a prototype pollution vulnerability in Starcounter-Jack JSON-Patch up to version 3.1.0. The issue allows manipulation of Object.prototype attributes and can be triggered remotely. Public disclosures describe a patch in 3.1.1 (patch name 7ad6af41eabb2d799f698740a91284d762c9...

JSON-Patch 安全漏洞

JSON-Patch is a streamlined and averaged Javascript implementation of the JSON Patch standard RFC 6902 by the individual developer Joachim Wester. A security vulnerability exists in JSON-Patch versions prior to 3.1.1, which stems from a prototype contamination that can lead to improperly controll...

PT-2022-11597 · Unknown · Chbrown Rfc6902

Name of the Vulnerable Software and Affected Versions: chbrown rfc6902 affected versions not specified Description: A problematic vulnerability has been found in chbrown rfc6902, affecting an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of obje...

chbrown rfc6902 安全漏洞

rfc6902 is an implementation of rfc6902 in TypeScript by the individual developer Christopher Brown. A security vulnerability exists in chbrown rfc6902, which stems from the fact that incorrect operation can lead to prototype contamination...

Information Disclosure

spring-data-rest-webmvc is vulnerable to information disclosure. The vulnerability exists due to the improper implementation of the JSON patch in the library, allowing an attacker to get information about the hidden entity attributes through maliciously crafted HTTP requests...

Fedora: Security Advisory for golang-github-evanphx-json-patch (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-krishicks-yaml-patch-0.0.10-9.20200307git05b3177.fc36

Yaml-patch is a version of Evan Phoenix's json-patch, which is an implementat ion of JavaScript Object Notation JSON Patch, directly transposed to YAML...

[SECURITY] Fedora 36 Update: golang-github-evanphx-json-patch-5.5.0-4.fc36

Jsonpatch is a library which provides functionallity for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

Fedora: Security Advisory for golang-github-evanphx-json-patch (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-krishicks-yaml-patch-0.0.10-8.20200307git05b3177.fc35

Yaml-patch is a version of Evan Phoenix's json-patch, which is an implementat ion of JavaScript Object Notation JSON Patch, directly transposed to YAML...

[SECURITY] Fedora 35 Update: golang-github-evanphx-json-patch-5.5.0-3.fc35

Jsonpatch is a library which provides functionallity for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

Fedora: Security Advisory for golang-github-evanphx-json-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-evanphx-json-patch-5.5.0-3.fc36

Jsonpatch is a library which provides functionallity for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

JSON-Patch Out-of-bounds Write vulnerability

An out of bound write can occur when patching an Openshift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

GHSA-GXHV-3HWF-WJP9 JSON-Patch Out-of-bounds Write vulnerability

An out of bound write can occur when patching an Openshift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

Kubernetes DoS Vulnerability

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" e.g. kubectl patch --type json or "Content-Type: application/json-patch+json" that consumes...

GO-2021-0076 Out-of-bounds write in github.com/evanphx/json-patch

A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input...

Prototype Pollution in starcounter-jack/json-patch

Description fast-json-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let fastjsonpatch = require"fast-json-patch"; functio...