Lucene search
+L

4 matches found

OSV
OSV
added 2026/07/02 8:13 p.m.4 views

GHSA-86VW-MFPG-WWV9 jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...

7.5CVSS5.7AI score0.00684EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/03/19 12:0 a.m.6 views

The vulnerability of the JSONata data transformation software lies in the uncontrolled modification of prototype attributes, allowing attackers to execute arbitrary code or cause service failures.

The vulnerability of the JSONata data transformation software is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...

10CVSS7.9AI score0.01422EPSS
Exploits0References9Affected Software1
vulnersOsv
vulnersOsv
added 2024/03/04 8:43 p.m.6 views

@3c-node-red/runtime (=3.1.6), @adeunis/node-red-contrib-adeunis-codecs (=1.0.0) +244 more potentially affected by CVE-2024-27307 via jsonata (>=1.5.0 <=1.8.6)

jsonata NPM version =1.5.0, =20.2.3, =5.0.0, =0.8.0, =0.0.1, =1.0.0, =1.0.1, =2.0.0, =2.0.4 - @elastic.io/batching-library =2.0.1-dev.4 and more Source cves: CVE-2024-27307 Source advisory: OSV:GHSA-FQG8-VFV7-8FJ8...

9.8CVSS7.1AI score0.01422EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/03/04 8:43 p.m.6 views

@bifravst/muninn-proto (>=5.0.0 <=5.2.0-chart-proto.1), @cenk1cenk2/renovate-config (>=2.3.132 <=2.3.148) +9 more potentially affected by CVE-2024-27307 via jsonata (=2.0.3)

jsonata NPM version =2.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on jsonata and may be impacted: - @bifravst/muninn-proto =5.0.0, =2.3.132, =1.0.0, =1.0.0, =0.14.0, =5.1.0, =4.0.0, =1.0.7, =36.7.0, =37.227.0 Source cves: CVE-2024-27307 Source...

9.8CVSS7.1AI score0.01422EPSS
Exploits0
Rows per page
Query Builder