6 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-23440
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package set-value before =3.0.0 =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys...
CVE-2021-23440
This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...
GHSA-33F9-J839-RF8H Prototype Pollution in immer
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...
CVE-2021-23436
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...
Prototype Pollution
Overview dotty is a package that can access properties of nested objects using dot-path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter a...
Prototype Pollution
Overview set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in th...