Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/09 11:51 a.m.37 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to [CVE-2020-36632]

Summary Node.js module flat is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...

9.8CVSS8.4AI score0.01107EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/12/25 9:30 p.m.6 views

@arve.knudsen/bankai (>=9.6.0 <=9.10.14), @citation-js/browserify-disc (=1.3.4) +64 more potentially affected by CVE-2020-36632 via flat (>=0.2.0 <=1.6.0)

flat NPM version =0.2.0, =9.6.0, =2.6.0, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.10, =1.0.0, =7.3.0, =9.10.4, =0.0.1, =0.0.2 and more Source cves: CVE-2020-36632 Source advisory: OSV:GHSA-2J2X-2GPW-G8FM...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/12/25 9:30 p.m.5 views

@benjamin-vanryseghem/mongoose-dummy (>=1.0.7 <=1.0.9), @copart/lot-search-components (>=0.0.1 <=0.0.2) +31 more potentially affected by CVE-2020-36632 via flat (=4.0.0)

flat NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @benjamin-vanryseghem/mongoose-dummy =1.0.7, =0.0.1, =0.0.2, =0.0.1, =0.1.0, =1.1.0, =0.0.1, =0.0.1, =1.0.2, =2.0.0, =0.1.1, =1.1.1, =2.5.0 and more...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
NVD
NVD
added 2022/12/25 8:15 p.m.27 views

CVE-2020-36632

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...

9.8CVSS0.01107EPSS
Exploits0References6
OSV
OSV
added 2022/12/25 8:15 p.m.14 views

CVE-2020-36632

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to initiate the atta...

9.8CVSS9.6AI score
Exploits0References6
CVE
CVE
added 2022/12/25 7:37 p.m.99 views

CVE-2020-36632

CVE-2020-36632 affects the Node.js module hughsk flat (up to 5.0.0), where the unflatten function in index.js enables prototype pollution. This can be exploited remotely to modify Object.prototype and execute arbitrary code or cause a denial of service. A fixed version is 5.0.1, with patch refere...

9.8CVSS7.8AI score0.01107EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2020/07/30 2:3 p.m.5 views

@abstract.tech/brad-cli (>=0.0.4 <=1.0.1), @bandwidth/shared-components (>=6.0.2 <=6.2.2) +106 more potentially affected by CVE-2020-36632 via flat (>=4.0.0 <=4.1.0)

flat NPM version =4.0.0, =0.0.4, =6.0.2, =1.0.7, =4.2.2, =1.2.10, =2.1.31, =1.0.11, =2.0.11, =1.1.11, =1.0.27, =2.0.8, =1.0.0, =0.0.6, =0.0.1, =0.0.2, =0.0.8 and more Source cves: CVE-2020-36632 Source advisory: SNYK:JS-FLAT-596927...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/07/30 2:3 p.m.3 views

@diogoabu/adminjs (>=6.8.7-1 <=6.8.7-19), @emartech/angular-translate (>=2.0.0 <=2.3.0) +52 more potentially affected by CVE-2020-36632 via flat (>=5.0.0 <=5.0.1)

flat NPM version =5.0.0, =6.8.7-1, =2.0.0, =1.2.0, =0.0.1, =0.0.1, =0.0.2, =0.5.2, =3.34.3, =2.3.0, =2.7.0, =0.1.2, =6.7.6, =1.0.0, =0.2.2, =1.1.0 and more Source cves: CVE-2020-36632 Source advisory: SNYK:JS-FLAT-596927...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/07/30 2:3 p.m.4 views

@albalyu/npm-scripts (>=2.0.1 <=2.0.40), @opuscapita/eslint-config-opuscapita-bnapp (>=1.0.1 <=1.0.6) +7 more potentially affected by CVE-2020-36632 via flat (=3.0.0)

flat NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @albalyu/npm-scripts =2.0.1, =1.0.1, =2.2.1, =2.0.0, =0.0.1-beta.2, =4.0.1, =0.3.0-beta.16, =0.3.0-beta.83 Source cves: CVE-2020-36632 Source advisory:...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/07/30 2:3 p.m.5 views

@biesbjerg/ng2-translate-extract (>=0.5.0 <=0.6.0), @biesbjerg/ngx-translate-extract (>=1.0.0 <=2.3.4) +68 more potentially affected by CVE-2020-36632 via flat (>=2.0.0 <=2.0.1)

flat NPM version =2.0.0, =0.5.0, =1.0.0, =9.16.1, =0.0.1, =0.0.2-beta1, =1.2.7, =2.1.27, =2.0.7, =1.1.9, =2.3.4-atknatk.1, =0.0.1, =1.0.0, =1.0.0, =2.3.4, =2.3.5, =2.3.6 and more Source cves: CVE-2020-36632 Source advisory: SNYK:JS-FLAT-596927...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
Rows per page
Query Builder