4 matches found
GHSA-86VW-MFPG-WWV9 jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion
Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...
The vulnerability of the JSONata data transformation software lies in the uncontrolled modification of prototype attributes, allowing attackers to execute arbitrary code or cause service failures.
The vulnerability of the JSONata data transformation software is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...
@3c-node-red/runtime (=3.1.6), @adeunis/node-red-contrib-adeunis-codecs (=1.0.0) +244 more potentially affected by CVE-2024-27307 via jsonata (>=1.5.0 <=1.8.6)
jsonata NPM version =1.5.0, =20.2.3, =5.0.0, =0.8.0, =0.0.1, =1.0.0, =1.0.1, =2.0.0, =2.0.4 - @elastic.io/batching-library =2.0.1-dev.4 and more Source cves: CVE-2024-27307 Source advisory: OSV:GHSA-FQG8-VFV7-8FJ8...
@bifravst/muninn-proto (>=5.0.0 <=5.2.0-chart-proto.1), @cenk1cenk2/renovate-config (>=2.3.132 <=2.3.148) +9 more potentially affected by CVE-2024-27307 via jsonata (=2.0.3)
jsonata NPM version =2.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on jsonata and may be impacted: - @bifravst/muninn-proto =5.0.0, =2.3.132, =1.0.0, =1.0.0, =0.14.0, =5.1.0, =4.0.0, =1.0.7, =36.7.0, =37.227.0 Source cves: CVE-2024-27307 Source...