979 matches found
SnakeYaml: Constructor Deserialization Remote Code Execution
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE)...
Upgraded Q -> 2 from #39 [1679850456945]
Judge has assessed an item in Issue 39 as 2 risk. The relevant finding follows: N-05 Fees are not being set in the constructor...
Set critical parameters like fee recipient in constructor.
Lines of code Vulnerability details Impact Loss of fee under certain conditions. This can happen when a user calls the deposit function immediately after contracts are deployed, or when the admin forgets to update the feeReceient address. There are a lot of addresses that the admin has to set once the contract is deployed. S...
[Medium - 2] A force deployed contract may be stuck in the constructor forever
Lines of code Vulnerability details Impact The forceDeployOnAddress function in the ContractDeployer contract may be used to redeploy contracts at a specified address. Very useful in the case of precompiles or system contracts upgrades for instance. In the deployment parameters, multiple values c...
The minimum values of selectionMax and selectionSize are not verified when creating a lottery, which may create an unreasonable lottery
Lines of code Vulnerability details Summary src/LotterySetup.sol constructor(LotterySetupParams memory lotterySetupParams) if (address(lotterySetupParams.token) == address(0)) revert RewardTokenZero(); if (lotterySetupParams.ticketPrice == uint256(0)) revert TicketPriceZero(); if (lotterySetupParams.selectionSize...
Contract not initialized after deployment
Lines of code Vulnerability details Impact In ReaperStrategyGranarySupplyOnly.sol, the initialize function is not called after deployment. Left open to unintended behaviour and/or an attacker calling the initialize function, gaining control of core permissions and functions, as highlighted in the...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks...
minimist: prototype pollution
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...
K000132638: SnakeYAML vulnerability CVE-2022-1471
Security Advisory Description: SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content...
SUSE CVE-2010-1395
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...
SUSE CVE-2016-9897
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
SUSE CVE-2017-9806
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution...
SUSE CVE-2017-1000107
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
SUSE CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...
SUSE CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
SUSE CVE-2020-7598
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload...
Prototype Pollution
Overview: algoliasearch-helper is a Helper for implementing advanced search features with algolia. Affected versions of this package are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the...