22 matches found
Prototype Pollution
extend-merge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype through the merge function...
GHSA-9GGP-4JPR-7PPJ Duplicate Advisory: Possible remote code execution via a remote procedure call
Withdrawn: duplicate of GHSA-pj4g-4488-wmxm Original Description In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...