
12 matches found

IBM Security Bulletins
added 2026/05/04 12:15 p.m. | 7 views

Security Bulletin: Lodash Prototype Pollution Bypass in _.unset and _.omit via Array Path Segments

Summary: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. The fix for CVE-2025-13465 (https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by...

CVSS 8.2 | AI score 7.1 | EPSS 0.01535
Exploits 0 | Affected Software 1
Vulnrichment
added 2026/03/31 7:18 p.m. | 1 view

CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. The fix for CVE-2025-13465 (https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by...

CVSS 6.5 | AI score 6.5 | EPSS 0.00317
Exploits 0 | References 1
Tenable Nessus
added 2026/01/15 12:00 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002193 advisory. Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root...

CVSS 6 | AI score 7.2 | EPSS 0.0034
Exploits 0 | References 17
Tenable Nessus
added 2025/08/18 12:00 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-23440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. This affects the package set-value before 3.0.0, and from 3.0.0 before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys...

CVSS 9.8 | AI score 7.2 | EPSS 0.02475
Exploits 2 | References 2
ATTACKERKB
added 2021/09/12 12:51 p.m. | 5 views

CVE-2021-23440

This affects the package set-value before 3.0.0, and from 3.0.0 before 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

CVSS 9.8 | AI score 5.4 | EPSS 0.02475
Exploits 2 | References 7
OSV
added 2021/09/02 5:17 p.m. | 3 views

GHSA-33F9-J839-RF8H Prototype Pollution in immer

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition `p === "__proto__" || p === "constructor"` in applyPatches...

CVSS 9.8 | AI score 7.1 | EPSS 0.0178
Exploits 1 | References 5
OSV
added 2021/09/01 6:37 p.m. | 2 views

GHSA-V39P-96QG-C8RF Prototype Pollution in object-path

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === '__proto__'` returns false if currentPath is the array `['__proto__']`. This is because t...

CVSS 5.6 | AI score 7.1 | EPSS 0.01902
Exploits 1 | References 8
ATTACKERKB
added 2021/09/01 5:28 p.m. | 4 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition `p === "__proto__" || p === "constructor"` in applyPatches...

CVSS 9.8 | AI score 5.5 | EPSS 0.02293
Exploits 2 | References 4
CNNVD
added 2021/09/01 12:00 a.m. | 9 views

Immer security vulnerability

Immer is a JavaScript state management library from the Immer community. A security vulnerability exists in versions prior to Immer 9.0.6: when the user-supplied key used in the path parameter is an array, the key check can be evaded, which leads to a bypass of CVE-2020-28477...

CVSS 9.8 | AI score 7.6 | EPSS 0.02293
Exploits 2 | References 6
Snyk
added 2021/08/31 7:51 p.m. | 3 views

Prototype Pollution

Overview: dotty is a package that can access properties of nested objects using dot-path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter a...

CVSS 9.8 | AI score 9 | EPSS 0.03337
Exploits 2 | References 2
Snyk
added 2021/08/25 6:48 a.m. | 4 views

Prototype Pollution

Overview: object-path is a package to access deep properties using a path. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, th...

CVSS 9.8 | AI score 8.2 | EPSS 0.01902
Exploits 1 | References 2
Snyk
added 2021/08/12 4:49 p.m. | 6 views

Prototype Pollution

Overview: set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in th...

CVSS 9.8 | AI score 8.8 | EPSS 0.02475
Exploits 2 | References 2
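The bypass shared by the listed advisories (immer, object-path, set-value, dotty, and the lodash `_.unset`/`_.omit` case) is the same type confusion: the guard compares each path segment with `===` against the string "__proto__", an array segment such as ["__proto__"] fails that comparison and passes the guard, and it is then coerced to the string "__proto__" the moment it is used as a property key. The JavaScript below is an added example written for this page; it is not the code of any of those packages or their fixes. The two deep-set helpers, the attacker path and the demo functions are constructed for illustration.

```javascript
'use strict';

// Keys that must never be used as path segments when writing into a plain object.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Deep-set in the style of set-value / object-path / dotty / _.set.
// Added illustration, not the code of any of those packages. The guard mirrors
// the pre-fix pattern quoted in the advisories (p === "__proto__" || ...):
// it only ever matches a segment that is already a string.
function setPathVulnerable(target, path, value) {
  let cur = target;
  for (let i = 0; i < path.length; i++) {
    const seg = path[i];
    // Type confusion: ["__proto__"] is an array, so it is not === "__proto__"
    // and passes, but cur[seg] below coerces it to the string "__proto__".
    if (seg === '__proto__' || seg === 'constructor' || seg === 'prototype') {
      throw new Error('blocked key: ' + seg);
    }
    if (i === path.length - 1) {
      cur[seg] = value;
    } else {
      if (cur[seg] === undefined || cur[seg] === null) cur[seg] = {};
      cur = cur[seg]; // with seg = ["__proto__"] this is Object.prototype
    }
  }
  return target;
}

// Hardened variant: refuse to coerce non-string segments, compare the
// normalised string, and never descend through inherited properties.
function setPathHardened(target, path, value) {
  let cur = target;
  for (let i = 0; i < path.length; i++) {
    const raw = path[i];
    if (typeof raw !== 'string' && typeof raw !== 'number') {
      throw new TypeError('path segment must be a string or number, got ' + typeof raw);
    }
    const seg = String(raw);
    if (FORBIDDEN_KEYS.has(seg)) throw new Error('blocked key: ' + seg);
    if (i === path.length - 1) {
      cur[seg] = value;
    } else {
      if (!Object.prototype.hasOwnProperty.call(cur, seg)) cur[seg] = {};
      cur = cur[seg];
    }
  }
  return target;
}

// Constructed attacker input, e.g. a JSON request body: the first segment is an
// array containing "__proto__" rather than the bare string.
const ATTACKER_PATH_JSON = '[["__proto__"], "polluted"]';

// Returns true if the vulnerable setter polluted Object.prototype.
// Cleans up afterwards so the rest of the process is unaffected.
function runBypass() {
  let polluted = false;
  try {
    setPathVulnerable({}, JSON.parse(ATTACKER_PATH_JSON), 'yes');
    polluted = ({}).polluted === 'yes'; // an unrelated object now inherits it
  } finally {
    delete Object.prototype.polluted;
  }
  return polluted;
}

// The plain string form of the same key is caught by the naive guard.
function runStringGuard() {
  try {
    setPathVulnerable({}, ['__proto__', 'polluted'], 'yes');
    return false;
  } catch (e) {
    return ({}).polluted === undefined;
  } finally {
    delete Object.prototype.polluted;
  }
}

// Returns 'blocked' when the hardened setter rejects the array segment
// without touching Object.prototype.
function runHardened() {
  try {
    setPathHardened({}, JSON.parse(ATTACKER_PATH_JSON), 'yes');
    return 'not blocked';
  } catch (e) {
    return ({}).polluted === undefined ? 'blocked' : 'not blocked';
  } finally {
    delete Object.prototype.polluted;
  }
}

console.log('vulnerable setter polluted Object.prototype:', runBypass());
console.log('string key caught by naive guard:', runStringGuard());
console.log('hardened setter on array segment:', runHardened());
console.log('hardened legitimate path:', JSON.stringify(setPathHardened({}, ['a', 'b'], 1)));
```

Rejecting non-string segments outright is the simplest fix; libraries that must accept numeric or array segments can instead normalise with `String()` before the comparison, as long as every later property access uses that normalised value. Checking own properties with `hasOwnProperty.call` on the way down closes the second half of the problem, since walking into an inherited object is what turns a misplaced key into a write on Object.prototype.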