Serialize JavaScript 安全漏洞

"Serialize JavaScript" is a Yahoo open-source project that serializes JavaScript into JSON super sets containing regular expressions and functions. Versions of "Serialize JavaScript" prior to 7.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a specially craft...

CVE-2026-32701

Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be writte...

EUVD-2004-1803

Malware in sbrugna...

CVE-2024-28859 Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...

json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...

SUSE CVE-2011-2613

The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service application crash via a non-array object that contains initial holes...

SUSE CVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of servi...

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

Code injection

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

CVE-2022-1802

CVE-2022-1802 involves prototype pollution in JavaScript arrays, enabling attacker-controlled code execution in a privileged context when methods of an Array object can be corrupted. Affected software includes Mozilla Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0...

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

CVE-2022-1802

If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...

USN-5434-1: Firefox vulnerabilities

It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context...

CVE-2022-1802

The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context...

EUVD-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, relate...

CVE-2021-44992

There is an Assertion ''ecmaobjectistypedarray objp'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0...

OESA-2022-1485 numpy security update

A fast multidimensional array facility for Python. Security Fixes: Buffer overflow in the arrayfrompyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.CVE-2021-41496...

Evangelion1204 Multi-ini Resource Management Error Vulnerability

Evangelion1204 Multi-ini is Evangelion1204 individual developers of a Javascript-based language written for Ini configuration file parsing code base . The code base supports compatibility with the Zend file format. A security vulnerability exists in versions of multi-ini prior to 2.1.1, which ste...

Microsoft Edge Chakra JIT - BailOutOnInvalidatedArrayHeadSegment Check Bypass

Microsoft Edge Chakra JIT - BailOutOnInvalidatedArrayHeadSegment Check Bypass / The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check...

CVE-2016-7880

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution...