CVE-2026-31378 Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

CVE-2024-38984

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service DoS via the proto property...

Prototype Pollution

json-override is vulnerable to Prototype Pollution. The vulnerability is caused by recursive assignment of properties from source to destination. An attacker can exploit this by injecting proto as a key at the source which can pollute the global prototype and can be escalated to Denial of service...

CVE-2024-38984

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service DoS via the proto property...

CVE-2024-38984

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service DoS via the proto property...

CVE-2024-38984

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service DoS via the proto property...

CVE-2024-38984

Prototype Pollution in lukebond json-override 0.2.0 enables attackers to inject proto properties, leading to arbitrary code execution or Denial of Service. Affected component: json-override (lukebond) v0.2.0. Root cause: recursive assignment via source to destination enabling prototype pollution....

json-override 安全漏洞

json-override is a library by Luke Bond Personal Developer. A security vulnerability exists in json-override version 0.2.0. An attacker exploiting this vulnerability could execute arbitrary code or cause a denial of service...

PT-2024-28301 · Lukebond · Json-Override

Name of the Vulnerable Software and Affected Versions: lukebond json-override version 0.2.0 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service DoS via the proto property. This can be exploited to achieve malicious goals. Recommendations: For lukebond...

CVE-2024-38984

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service DoS via the proto property...