21 matches found
EUVD-2023-0578
Malicious code in bioql PyPI...
baobab-home.fr Cross Site Scripting vulnerability OBB-3333975
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Prototype Pollution
baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as __proto__, constructor, and other prototype base objects...
GHSA-WVR2-Q86M-6WHP Baobab vulnerable to Prototype Pollution
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
@egeria/egeria (>=0.20.1 <=0.23.10), appstate (>=0.0.1 <=0.0.2) +8 more potentially affected by CVE-2021-4307 via baobab (>=0.2.2 <=2.5.2)
baobab NPM version =0.2.2, =0.20.1, =0.0.1, =0.7.0, =0.0.1, =0.0.58, =0.20.0, =0.0.8, =2.1.2, =2.6.0 Source cves: CVE-2021-4307 Source advisory: OSV:GHSA-WVR2-Q86M-6WHP...
Baobab vulnerable to Prototype Pollution
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
CVE-2021-4307
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
CVE-2021-4307
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
Design/Logic Flaw
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
CVE-2021-4307 Yomguithereal Baobab prototype pollution
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
CVE-2021-4307 Yomguithereal Baobab prototype pollution
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launche...
CVE-2021-4307
CVE-2021-4307 affects the Baobab data tree (Yomguithereal Baobab) up to version 2.6.0. The issue is a prototype pollution vulnerability: an attacker can manipulate object prototype attributes via a vulnerable function (merger), enabling remote impact on object prototypes. Affected functionality i...
Baobab security vulnerability
Baobab is a JavaScript and TypeScript persistent and immutable (at least by default) data tree from the individual developer Guillaume Plique. A security vulnerability exists in Baobab versions prior to 2.6.0, which stems from an unknown feature that operates to cause improperly controlled...
PT-2023-12411 · Unknown · Yomguithereal Baobab
Name of the Vulnerable Software and Affected Versions: Yomguithereal Baobab versions up to 2.6.0 Description: A critical issue affects an unknown functionality, leading to improperly controlled modification of object prototype attributes, also known as 'prototype pollution'. This can be exploited...
baobab-tv.com Cross Site Scripting vulnerability OBB-2994175
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
baobab-sable.com Cross Site Scripting vulnerability OBB-2994173
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
new packages: baobab
An update is available for baobab. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
baobab-sable.com Cross Site Scripting vulnerability OBB-2348001
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Prototype Pollution in yomguithereal/baobab
Description: baobab is vulnerable to Prototype Pollution. Proof of Concept: 1. Create the following PoC file (javascript): // poc.js const Baobab = require('baobab'); console.log('Before: ' + {}.polluted); tree = new Baobab(); tree.deepMerge(JSON.parse('{"__proto__": {"polluted": true}}')); console.log('After: ' + {}.polluted)...
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
CentOS Errata and Security Advisory CESA-2018:3140. An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...