PT-2022-17605 · Unknown · Morgan-Json

Name of the Vulnerable Software and Affected Versions: morgan-json versions all Description: The issue is related to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. This allows for potential code execution with unintended consequences. No...

GHSA-J3RV-W43Q-F9X2 React Editable Json Tree vulnerable to arbitrary code execution via function parsing

Impact Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be...

CVE-2022-35165

An issue in AP4SgpdAtom::AP4SgpdAtom of Bento4-1.6.0-639 allows attackers to cause a Denial of Service DoS via a crafted mp4 input...

UBUNTU-CVE-2022-35165

An issue in AP4SgpdAtom::AP4SgpdAtom of Bento4-1.6.0-639 allows attackers to cause a Denial of Service DoS via a crafted mp4 input...

CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

Users can create an un-bannable contract

Lines of code Vulnerability details Impact Users can create an un-bannable contract by working from a contract's constructor and then self-destructing on each instantiation. Users can also deterministically deploy the contract to the same address every time they want to interact with fiatDAO...

Arbitrary Code Execution

Overview morgan-json is an A variant of morgan.compile that provides format functions that output JSON Affected versions of this package are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. PoC js var PUT = require'morgan-json';...

[H1] MIMOProxy can be PWNED by malicious delegate call

Lines of code Vulnerability details Impact PBR proxy owner change protection can bypassed / DoS PoC PRBProxy has a protection to prevent malicious delegatecall to overwrite owner. function executeaddress target, bytes calldata data public payable override returns bytes memory response ... ... //...

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

Code injection

Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary...

UBUNTU-CVE-2022-31084

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to cod...

Prototype Pollution

Overview @loopback/rest is a The REST API package for loopback-next Affected versions of this package are vulnerable to Prototype Pollution via JSON payloads containing constructor. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to...

lender variable in is not the same as constructory and method in the construcotr ther is no check for address zero

Lines of code Vulnerability details Impact lender variable not the same as constructory and method its no check for address zero Recommended Mitigation Steps check for address zero in the constructor --- The text was updated successfully, but these errors were encountered: 😕 1 KenzoAgada reacted...

Basket NFT have no name and symbol

Lines of code Vulnerability details Impact The Basket contract is intended to be used behind a proxy. But the ERC721 implementation used is not upgradeable, and its constructor is called at deployment time on the implementation. So all proxies will have a void name and symbol, breaking all...

Malicious code in helium-constructor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c4ad560a74f2195e1657743dd392b64089d14a917d739cac76578f27806cba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3588 Malicious code in helium-constructor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c4ad560a74f2195e1657743dd392b64089d14a917d739cac76578f27806cba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Code Injection in metacalc

The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

Design/Logic Flaw

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor...

metacalc 代码注入漏洞

metacalc is a Metarhia spreadsheet calculator for the Metarhia community. A security vulnerability exists in versions of metacalc prior to 0.0.2, which stems from vulnerability to arbitrary code execution attacks. An attacker exploited the vulnerability to access the Function constructor of...