266 matches found

OSSF Malicious Packages
added 2025/03/11 11:19 p.m., 3 views

Malicious code in json-schema-verify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2806afc266e5a393fae137cdfc3b662c6185c8a15e38486f79a22f6962cd0ea8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

vulnersOsv
added 2024/11/29 7:41 p.m., 1 view

meltano (>=2.16.0 <=3.6.0b4), nmdc-schema (>=0.0.0 <=7.4.12) +2 more potentially affected by CVE-2024-53848 via check-jsonschema (>=0.19.2 <=0.29.4)

check-jsonschema PYPI version =0.19.2, =2.16.0, =0.0.0, =0.3.0, =0.3.0, =0.4.1 Source cves: CVE-2024-53848 Source advisory: SNYK:PYTHON-CHECKJSONSCHEMA-8445277...

CVSS: 7.1, AI score: 7, EPSS: 0.0004
Exploits: 0

OSV
added 2024/11/27 12:56 a.m., 7 views

MAL-2024-11047 Malicious code in json-schema-editor-visual-yapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2c434b89e0272562d45ccf56680fe4b6edf72651ddb2603233fa84ad67bf2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 3

OSSF Malicious Packages
added 2024/11/27 12:56 a.m., 3 views

Malicious code in json-schema-editor-visual-yapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c2c434b89e0272562d45ccf56680fe4b6edf72651ddb2603233fa84ad67bf2c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 3

Fedora
added 2024/10/24 1:28 a.m., 28 views

[SECURITY] Fedora 40 Update: python-fastapi-0.111.1-7.fc40

FastAPI is a modern, fast high-performance, web framework for building APIs with Python 3.8+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python frameworks available...

CVSS: 8.7, AI score: 4, EPSS: 0.00125
Exploits: 0

vulnersOsv
added 2024/10/11 3:30 p.m., 6 views

org.webjars.npm:json-schema-faker (>=0.5.0-rcv.29 <=0.5.0-rcv.33) potentially affected by CVE-2024-21534 via org.webjars.npm:jsonpath-plus (=3.0.0)

org.webjars.npm:jsonpath-plus MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsonpath-plus and may be impacted: - org.webjars.npm:json-schema-faker =0.5.0-rcv.29, =0.5.0-rcv.33 Source cves: CVE-2024-21534 Source...

CVSS: 9.8, AI score: 7.1, EPSS: 0.92707
Exploits: 4

Spring Engineering
added 2024/08/09 12:0 a.m., 18 views

Spring AI Embraces OpenAI's Structured Outputs: Enhancing JSON Response Reliability

OpenAI recently introduced a powerful feature called Structured Outputs, which ensures that AI-generated responses adhere strictly to a predefined JSON schema. This feature significantly improves the reliability and usability of AI-generated content in real-world applications. Today, we're excite...

AI score: 7
Exploits: 0

Spring Engineering
added 2024/07/26 12:0 a.m., 20 views

Spring AI with Ollama Tool Support

Earlier this week, Ollama introduced an exciting new feature: tool support for Large Language Models (LLMs). Today, we're thrilled to announce that Spring AI 1.0.0-SNAPSHOT has fully embraced this powerful feature, bringing Ollama's function calling capabilities to the Spring ecosystem. Ollama's to...

AI score: 7
Exploits: 0

Veracode
added 2024/05/22 8:23 a.m., 14 views

Prototype Pollution

@apidevtools/json-schema-ref-parser is vulnerable to Prototype Pollution. The vulnerability is due to inadequate input validation in the bundle, parse, resolve, and dereference functions, allowing a remote attacker to execute arbitrary code...

CVSS: 8.1, AI score: 7.5, EPSS: 0.0324
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2024/05/20 5:15 p.m., 9 views

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

AI score: 7.8, EPSS: 0.0324
Exploits: 0, References: 1

Cvelist
added 2024/05/20 5:15 p.m., 25 views

CVE-2024-29651

A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle, parse, resolve, dereference functions...

AI score: 7.4, EPSS: 0.0324
Exploits: 0, References: 1

CNNVD
added 2024/05/20 12:0 a.m., 2 views

json-schema-ref-parser security vulnerability

json-schema-ref-parser is an open source library from API Dev Tools in the United States. A security vulnerability exists in versions v.11.0.0 and v.11.1.0 of json-schema-ref-parser, which stems from a vulnerability that allows an attacker to manipulate an object's prototype by passing specially...

CVSS: 8.1, AI score: 6.6, EPSS: 0.0324
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/28 12:0 a.m., 33 views

RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...

CVSS: 7.5, AI score: 7.5, EPSS: 0.41482
Exploits: 3, References: 13

Redos
added 2024/04/03 12:0 a.m., 51 views

ROS-20240403-01

A vulnerability in the column.title and cellLinkTooltip components of the Grafana web-based data presentation tool is related to insufficient protection of the web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges. A vulnerability in t...

CVSS: 9.8, AI score: 8.2, EPSS: 0.60579
Exploits: 9

OpenVAS
added 2024/03/25 12:0 a.m., 9 views

Fedora: Security Advisory for python-fastapi (FEDORA-2024-09c7f715c9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0, References: 2

Fedora
added 2024/03/14 1:8 a.m., 22 views

[SECURITY] Fedora 39 Update: python-fastapi-0.103.0-10.fc39

FastAPI is a modern, fast high-performance, web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: • Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2023/11/06 12:0 a.m., 40 views

Rocky Linux 8 : nodejs:12 (RLSA-2020:5499)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5499 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...

CVSS: 9.8, AI score: 7.4, EPSS: 0.58883
Exploits: 2, References: 8

SUSE CVE
added 2023/10/31 2:29 a.m., 1 view

SUSE CVE-2020-15366

An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...

CVSS: 5.6, AI score: 9.5, EPSS: 0.00331
Exploits: 0, References: 2

Imperva Blog
added 2023/10/09 4:31 p.m., 31 views

How to Protect Against Data Lake Hacking

Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...

AI score: 7.3
Exploits: 0

IBM Security Bulletins
added 2023/05/31 5:44 a.m., 39 views

Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.

Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of objec...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01262
Exploits: 1, Affected Software: 1