express: "qs" prototype poisoning causes the hang of the node process
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a `__proto__` or constructor payload, a remote attacker can cause a...
GHSA-H7VF-5WRV-9FHV Symfony storing cookie headers in HttpCache
Description: The Symfony HTTP cache system acts as a reverse proxy: it caches HTTP responses including headers and returns them to clients. In a recent AbstractSessionListener change, the response might now contain a Set-Cookie header. If the Symfony HTTP cache system is enabled, this...
The vulnerability of the Jenkins Script Security Plugin is related to errors in data processing by the card constructor. This allows a malicious individual to exit the isolated software environment and execute arbitrary code within the Jenkins controller’s JVM context.
The vulnerability of the Jenkins Script Security Plugin is related to errors in data processing by the chart constructor. Exploiting this vulnerability allows a malicious actor to exit from an isolated software environment and execute arbitrary code in the context of the Jenkins controller JVM...
minimist: prototype pollution
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...
Wrong check isContract for Permit
Lines of code Vulnerability details Impact In function: requireSignature. The validation to check whether the msg.sender is a smart contract is not enough in this case. Anyone could bypass that check by calling that function from the constructor of a newly deployed contract. Therefore not the rig...
The vulnerability of SAP SQL Anywhere relational database management systems lies in the lack of protective measures for SQL query structures, allowing attackers to trigger service failures.
The vulnerability of SAP SQL Anywhere relational database management systems is related to the lack of measures taken to protect SQL query structures. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using specially crafted queries, utilizing the ARRAY arra...
The vulnerability of the MoodbarPipeline::MoodbarPipeline() function in the Clementine Music Player audio player allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the implementation of the MoodbarPipeline::MoodbarPipeline function in the Clementine Music Player audio player is related to an error in pointer assignment during the loading of MP3 files. Exploiting this vulnerability may allow an attacker to cause service failures or execut...
Prototype Pollution
baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as `__proto__`, constructor, and other prototype base objects...
Contract cannot be initialized due to revert
Lines of code Vulnerability details Impact TokenggAVAX.initialize would revert due to the constructor setting initialized to type(uint8).max = 255 thus making initialized not less than 1. This does not pass the require check in initializer modifier, thus resulting to a revert thereby making...
SnakeYaml: Constructor Deserialization Remote Code Execution
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE)...
Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.4 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Oracle Linux 8 : ELSA-2022-9058-1: / prometheus-jmx-exporter (ELSA-2022-90581)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-90581 advisory. 0.12.0-9 - Fix CVE-2022-1471 by using SafeConstructor. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Important: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471). For more details about the security issues, including the impact, a...
SnakeYaml Constructor Deserialization Remote Code Execution
Summary: SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type to be deserialized given the following line: `new Yaml(new Constructor(TestDataClass.class)).load(yamlContent);` Types do not have to match the types of properties in the target class. A ConstructorException is throw...
GHSA-MJMJ-J48Q-9WG2 SnakeYaml Constructor Deserialization Remote Code Execution
Summary: SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type to be deserialized given the following line: `new Yaml(new Constructor(TestDataClass.class)).load(yamlContent);` Types do not have to match the types of properties in the target class. A ConstructorException is throw...
Pool calls to toScale can revert
Lines of code Vulnerability details Pool calls to toScale can revert Impact A division by 0 would revert the code. If wrongly assigned value in constructor to tokenAScale or tokenBScale, toScale calls would always revert. Proof of Concept constructor uint256 fee, uint256 tickSpacing, int32...
Update initializer library to prevent reentrancy during initialization
Lines of code Vulnerability details Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an external initializer function, usually called initialize. It then becomes necessary to protect this initializer function so it can only be called once. The...
Prototype Pollution
nodebb is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the Namespaces attribute in the index.js and modify attributes such as `__proto__`, constructor, and prototype...
CVE-2022-1471
SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. ...