Lucene search
+L

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-2112

Malware in sbrugna...

8.6CVSS7.6AI score0.01902EPSS
Exploits1References12
OpenVAS
OpenVAS
added 2023/03/23 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-5967-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.02097EPSS
Exploits2References2
Ubuntu
Ubuntu
added 2023/03/22 12:7 a.m.73 views

USN-5967-1: object-path vulnerabilities

It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...

9.8CVSS7.4AI score0.02097EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2021/09/01 6:37 p.m.51 views

Prototype Pollution in object-path

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

8.6CVSS8.8AI score0.01902EPSS
Exploits1References8Affected Software1
RedhatCVE
RedhatCVE
added 2021/08/31 6:49 p.m.55 views

CVE-2021-23434

Prototype pollution has been discovered in object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'...

9.8CVSS2AI score0.01902EPSS
Exploits1References5
Prion
Prion
added 2021/08/27 5:15 p.m.30 views

Type confusion

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

7.5CVSS8.9AI score0.01902EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2021/08/27 4:50 p.m.34 views

CVE-2021-23434 Prototype Pollution

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

5.6CVSS9.3AI score0.01902EPSS
Exploits1References5
CVE
CVE
added 2021/08/27 4:50 p.m.213 views

CVE-2021-23434

The CVE-2021-23434 entry concerns the Node.js object-path package (versions before 0.11.6) with a type confusion vulnerability that can bypass the CVE-2020-15256 fix when path components are arrays. The condition currentPath === 'proto ' fails for currentPath = ['proto '], enabling potential expl...

8.6CVSS7.2AI score0.01902EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/27 4:47 p.m.5 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is 'proto'. This is because t...

9.8CVSS5.4AI score0.01902EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2020/11/27 2:51 p.m.37 views

CVE-2020-15256

A flaw was found in object-path. A prototype pollution vulnerability has been found in object-path affecting the set method. The vulnerability is limited to the includeInheritedProps mode if version = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and...

9.8CVSS2AI score0.01546EPSS
Exploits0References3
NVD
NVD
added 2020/10/19 10:15 p.m.18 views

CVE-2020-15256

A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...

9.8CVSS0.01546EPSS
Exploits0References2
OSV
OSV
added 2020/10/19 10:15 p.m.42 views

CVE-2020-15256

A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...

9.8CVSS9AI score
Exploits0References2
Cvelist
Cvelist
added 2020/10/19 9:25 p.m.39 views

CVE-2020-15256 Prototype pollution in object-path

A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...

7.7CVSS6.8AI score0.01546EPSS
Exploits0References2
CVE
CVE
added 2020/10/19 9:25 p.m.203 views

CVE-2020-15256

The CVE-2020-15256 issue concerns the Node.js object-path library where prototype pollution can occur in set() when includeInheritedProps is enabled or using the withInheritedProps instance. Affected versions are

9.8CVSS6.8AI score0.01546EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/10/19 9:25 p.m.30 views

CVE-2020-15256

A prototype pollution vulnerability has been found in object-path = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...

9.8CVSS7.3AI score0.01546EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/10/19 8:55 p.m.5 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5302 more potentially affected by CVE-2020-15256 via object-path (>=0.0.1 <=0.11.4)

object-path NPM version =0.0.1, =1.0.1, =8.4.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =0.0.1, =0.0.22 - @0soft/zero-material-ui =0.0.23-alpha.3 and more Source cves: CVE-2020-15256 Source advisory: OSV:GHSA-CWX2-736X-MF6W...

9.8CVSS7.1AI score0.01546EPSS
Exploits0
Rows per page
Query Builder