10 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to [CVE-2020-36632]
Summary Node.js module flat is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...
@arve.knudsen/bankai (>=9.6.0 <=9.10.14), @citation-js/browserify-disc (=1.3.4) +64 more potentially affected by CVE-2020-36632 via flat (>=0.2.0 <=1.6.0)
flat NPM version =0.2.0, =9.6.0, =2.6.0, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.10, =1.0.0, =7.3.0, =9.10.4, =0.0.1, =0.0.2 and more Source cves: CVE-2020-36632 Source advisory: OSV:GHSA-2J2X-2GPW-G8FM...
@benjamin-vanryseghem/mongoose-dummy (>=1.0.7 <=1.0.9), @copart/lot-search-components (>=0.0.1 <=0.0.2) +31 more potentially affected by CVE-2020-36632 via flat (=4.0.0)
flat NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @benjamin-vanryseghem/mongoose-dummy =1.0.7, =0.0.1, =0.0.2, =0.0.1, =0.1.0, =1.1.0, =0.0.1, =0.0.1, =1.0.2, =2.0.0, =0.1.1, =1.1.1, =2.5.0 and more...
CVE-2020-36632
A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...
CVE-2020-36632
A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...
CVE-2020-36632
CVE-2020-36632 affects the Node.js module hughsk flat (up to 5.0.0), where the unflatten function in index.js enables prototype pollution. This can be exploited remotely to modify Object.prototype and execute arbitrary code or cause a denial of service. A fixed version is 5.0.1, with patch refere...
@abstract.tech/brad-cli (>=0.0.4 <=1.0.1), @bandwidth/shared-components (>=6.0.2 <=6.2.2) +106 more potentially affected by CVE-2020-36632 via flat (>=4.0.0 <=4.1.0)
flat NPM version =4.0.0, =0.0.4, =6.0.2, =1.0.7, =4.2.2, =1.2.10, =2.1.31, =1.0.11, =2.0.11, =1.1.11, =1.0.27, =2.0.8, =1.0.0, =0.0.6, =0.0.1, =0.0.2, =0.0.8 and more Source cves: CVE-2020-36632 Source advisory: SNYK:JS-FLAT-596927...
@diogoabu/adminjs (>=6.8.7-1 <=6.8.7-19), @emartech/angular-translate (>=2.0.0 <=2.3.0) +52 more potentially affected by CVE-2020-36632 via flat (>=5.0.0 <=5.0.1)
flat NPM version =5.0.0, =6.8.7-1, =2.0.0, =1.2.0, =0.0.1, =0.0.1, =0.0.2, =0.5.2, =3.34.3, =2.3.0, =2.7.0, =0.1.2, =6.7.6, =1.0.0, =0.2.2, =1.1.0 and more Source cves: CVE-2020-36632 Source advisory: SNYK:JS-FLAT-596927...
@albalyu/npm-scripts (>=2.0.1 <=2.0.40), @opuscapita/eslint-config-opuscapita-bnapp (>=1.0.1 <=1.0.6) +7 more potentially affected by CVE-2020-36632 via flat (=3.0.0)
flat NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @albalyu/npm-scripts =2.0.1, =1.0.1, =2.2.1, =2.0.0, =0.0.1-beta.2, =4.0.1, =0.3.0-beta.16, =0.3.0-beta.83 Source cves: CVE-2020-36632 Source advisory:...
@biesbjerg/ng2-translate-extract (>=0.5.0 <=0.6.0), @biesbjerg/ngx-translate-extract (>=1.0.0 <=2.3.4) +68 more potentially affected by CVE-2020-36632 via flat (>=2.0.0 <=2.0.1)
flat NPM version =2.0.0, =0.5.0, =1.0.0, =9.16.1, =0.0.1, =0.0.2-beta1, =1.2.7, =2.1.27, =2.0.7, =1.1.9, =2.3.4-atknatk.1, =0.0.1, =1.0.0, =1.0.0, =2.3.4, =2.3.5, =2.3.6 and more Source cves: CVE-2020-36632 Source advisory: SNYK:JS-FLAT-596927...