5 matches found
CVE-2019-10795
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a proto payload...
@aaa-backend-stack/build-tools (>=1.16.0 <=2.4.4), @aaa-backend-stack/devtools (>=1.16.0 <=2.4.4) +141 more potentially affected by CVE-2019-10795 via undefsafe (>=0.0.2 <=2.0.1)
undefsafe NPM version =0.0.2, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2019-10795 Source advisory: OSV:GHSA-332Q-7FF2-57H2...
Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities
Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-10795 DESCRIPTION: Node.js undefsafe module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a...
CVE-2019-10795
CVE-2019-10795 affects undefsafe prior to 2.0.3. Prototype pollution possible via the a() function using a proto payload to add/modify Object.prototype properties. Impact: remote attacker could manipulate global objects; CVSS ~6.3 (3.1) in provided metrics. Remediation: upgrade undefsafe to 2.0.3...
@zambezi/jsbin (=3.40.4-ez-bin.5), pin-api (>=1.1.0 <=1.3.1) potentially affected by CVE-2019-10795 via undefsafe (>=2.0.0 <=2.0.1)
undefsafe NPM version =2.0.0, =1.1.0, =1.3.1 Source cves: CVE-2019-10795 Source advisory: SNYK:JS-UNDEFSAFE-548940...