Lucene search
+L

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 6:42 a.m.4 views

Security Bulletin: Highlight.js Prototype Pollution Vulnerability in Code Block Parsing, affects watsonx.data

Summary Highlight.js versions prior to 9.18.2 and 10.1.2 are vulnerable to prototype pollution via malicious HTML in user-supplied code blocks. This can cause unexpected application behavior or crashes, representing a potential DoS vector. This can affect watsonx.data. Vulnerability Details...

8.7CVSS5.9AI score0.01307EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2024/11/19 2:43 a.m.17 views

K000148605: Highlight.js vulnerability CVE-2020-26237

Security Advisory Description Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during...

8.7CVSS7.5AI score0.01307EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.103 views

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5CVSS5.5AI score0.01503EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.3 views

SUSE CVE-2020-26237

Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...

8.7CVSS7.2AI score0.01307EPSS
Exploits0References3
Debian
Debian
added 2020/12/30 10:37 p.m.98 views

[SECURITY] [DLA 2511-1] highlight.js security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2511-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 30, 2020 https://wiki.debian.org/LTS -...

8.7CVSS7AI score0.01307EPSS
Exploits0
CVE
CVE
added 2020/11/24 11:0 p.m.191 views

CVE-2020-26237

Highlight.js vulnerability CVE-2020-26237: Prototype Pollution in versions before 9.18.2 and 10.1.2 (and older); a malicious HTML block could pollute Object.prototype during highlighting. Upstream fixes exist in 9.18.2+, 10.1.2+, and newer. Debian/OSS advisories also reference updates; remediatio...

8.7CVSS6.8AI score0.01307EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder