49 matches found
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
EUVD-2020-1346
Malware in sbrugna...
Cross-Site Scripting (XSS)
ag-grid is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of grid contents, which allows an attacker to execute arbitrary JavaScript when user input is rendered in the grid...
CVE-2024-38996
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
Prototype Pollution
ag-grid-community and ag-grid-enterprise are vulnerable to prototype pollution. The vulnerability is due to the .mergeDeep function, allowing attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
Prototype Pollution
ag-grid-enterprise is vulnerable to Prototype Pollution. The vulnerability is due to the functions .mergeDeep, ModuleSupport.jsonApply, ModuleSupport.setPath, and Util.jsonApply accepting arguments that include the built-in property proto. Attackers can exploit this by passing specially crafted...
GHSA-328P-362G-R48J ag-grid packages vulnerable to Prototype Pollution
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
ag-grid packages vulnerable to Prototype Pollution
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +232 more potentially affected by CVE-2024-39001 via ag-grid-enterprise (>=12.0.2 <=31.3.2)
ag-grid-enterprise NPM version =12.0.2, =0.0.1, =0.0.1, =1.0.21, =0.0.70, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.1-rc.0, =4.0.0-alpha, =2.0.0, =1.1.0, =1.0.1, =0.0.0, =0.0.1-991 and more Source cves: CVE-2024-39001 Source advisory: OSV:GHSA-328P-362G-R48J...
@nokecy/qc-ui (>=0.4.7 <=0.9.6), ag-grid-charts-enterprise (=32.0.0) +3 more potentially affected by CVE-2024-39001 via ag-grid-community (=32.0.0)
ag-grid-community NPM version =32.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ag-grid-community and may be impacted: - @nokecy/qc-ui =0.4.7, =0.9.6 - ag-grid-charts-enterprise =32.0.0 - ag-grid-enterprise =32.0.0 - ag-grid-react =32.0.0 -...
5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +586 more potentially affected by CVE-2024-39001 via ag-grid-community (>=19.0.0 <=31.3.2)
ag-grid-community NPM version =19.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.1, =0.1.1, =14.3.14, =0.0.15, =0.1.43--canary.7d2bdde.0, =0.0.1, =0.1.46, =0.0.0-6.1-rc-20220114175111, =4.4.1-alpha.8, =1.1.0, =0.1.4, =0.2.7 and more Source cves: CVE-2024-39001 Source advisory: OSV:GHSA-328P-362G-R48J...
@ag-grid-enterprise/all-modules (>=22.0.0 <=27.3.0), @ag-grid-enterprise/charts-enterprise (>=31.1.0 <=31.3.3) +55 more potentially affected by CVE-2024-39001 via @ag-grid-enterprise/charts (>=22.0.0 <=31.3.3)
@ag-grid-enterprise/charts NPM version =22.0.0, =22.0.0, =31.1.0, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.6, =2.1.5, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2024-39001 Source advisory: OSV:GHSA-328P-362G-R48J...
5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +232 more potentially affected by CVE-2024-38996 via ag-grid-enterprise (>=12.0.2 <=31.3.2)
ag-grid-enterprise NPM version =12.0.2, =0.0.1, =0.0.1, =1.0.21, =0.0.70, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.1-rc.0, =4.0.0-alpha, =2.0.0, =1.1.0, =1.0.1, =0.0.0, =0.0.1-991 and more Source cves: CVE-2024-38996 Source advisory: OSV:GHSA-876P-C77M-X2HC...
5p-buyform (>=0.0.1 <=0.0.4), 5paisa-tradingview-webhook (>=0.0.1 <=0.0.2) +586 more potentially affected by CVE-2024-38996 via ag-grid-community (>=19.0.0 <=31.3.2)
ag-grid-community NPM version =19.0.0, =0.0.1, =0.0.1, =0.0.4, =0.0.1, =0.1.1, =14.3.14, =0.0.15, =0.1.43--canary.7d2bdde.0, =0.0.1, =0.1.46, =0.0.0-6.1-rc-20220114175111, =4.4.1-alpha.8, =1.1.0, =0.1.4, =0.2.7 and more Source cves: CVE-2024-38996 Source advisory: OSV:GHSA-876P-C77M-X2HC...
GHSA-876P-C77M-X2HC Prototype pollution in ag-grid-community via the _.mergeDeep function
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties. Prior versions were also found ...
Prototype pollution in ag-grid-community via the _.mergeDeep function
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties. Prior versions were also found ...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview org.webjars.npm:ag-grid-community is a fully-featured and highly customizable JavaScript data grid. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep function. An attacker can execute...
CVE-2024-38996
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38996
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-39001
ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...