7 matches found
CVE-2019-10790
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...
@angstone/micro (=0.0.1), @angstone/microservice (=0.0.17) +4 more potentially affected by CVE-2019-10790 via taffy (=2.6.2)
taffy NPM version =2.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on taffy and may be impacted: - @angstone/micro =0.0.1 - @angstone/microservice =0.0.17 - anrajs =1.0.0, =0.0.1, =0.0.7, =1.0.6 - neyka =3.0.0 Source cves: CVE-2019-10790 Source...
08cms (=1.0.0), 102f (>=1.0.0 <=1.0.1) +2206 more potentially affected by CVE-2019-10790 via taffydb (>=2.6.2 <=2.7.3)
taffydb NPM version =2.6.2, =1.0.0, =0.0.5, =1.0.0, =1.0.1-beta2, =1.0.40, =2.0.0, =1.6.0, =1.0.0, =1.0.1, =0.3.0, =1.0.2, =0.1.2, =0.2.0 - @adrian-alu0101024363/spread =0.1.3 and more Source cves: CVE-2019-10790 Source advisory: OSV:GHSA-MXHP-79QH-MCX6...
CVE-2019-10790
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...
CVE-2019-10790 vulnerabilities
Vulnerabilities for packages: kubeflow-centraldashboard...
CVE-2019-10790
CVE-2019-10790 concerns the taffydb package (taffydb/taffydb.html) where versions up to 2.7.3 are affected. The issue, as described across multiple sources in the connected documents, is that an attacker can forge the internal index used per data item by injecting extra properties into user input. I...
08cms (=1.0.0), 102f (>=1.0.0 <=1.0.1) +2206 more potentially affected by CVE-2019-10790 via taffydb (>=2.6.2 <=2.7.3)
taffydb NPM version =2.6.2, =1.0.0, =0.0.5, =1.0.0, =1.0.1-beta2, =1.0.40, =2.0.0, =1.6.0, =1.0.0, =1.0.1, =0.3.0, =1.0.2, =0.1.2, =0.2.0 - @adrian-alu0101024363/spread =0.1.3 and more Source cves: CVE-2019-10790 Source advisory: SNYK:JS-TAFFYDB-2992450...