Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 4:13 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the gRPC package ( CVE-2020-7768)

Summary gRPC is used by DataStage on Cloud Pak for Data as part of service communication. Vulnerability Details CVEID:CVE-2020-7768 DESCRIPTION: The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CWE:CWE-1321:...

9.8CVSS8.4AI score0.03554EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2021/05/10 7:18 p.m.84 views

Prototype Pollution

Overview "The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." Recommendation Upgrade to version 1.1.8 or later References - CVE - GitHub Advisory...

5CVSS5.2AI score0.03554EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/05/10 7:16 p.m.7 views

0.extends.wechat (>=1.0.51 <=1.0.65), 0perator (>=0.1.0 <=0.3.0) +17017 more potentially affected by CVE-2020-7768 via @grpc/grpc-js (>=0.1.0 <=1.1.7)

@grpc/grpc-js NPM version =0.1.0, =1.0.51, =0.1.0, =0.1.0, =5.0.0, =1.0.0, =1.0.1, =1.0.0, =1.1.0, =0.4.0, =0.1.1, =1.0.0, =0.0.1, =1.0.0, =1.0.17 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...

9.8CVSS7.1AI score0.03554EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/05/10 7:16 p.m.4 views

3architecture (>=1.0.0 <=1.7.0), 4coders-commons (>=0.0.1 <=0.0.2) +3773 more potentially affected by CVE-2020-7768 via grpc (>=0.11.1 <=1.24.3)

grpc NPM version =0.11.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =1.6.0, =0.0.2, =4.1.6-22, =0.0.1, =0.0.2 - @account-coddle/pokerfire =0.0.1 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...

9.8CVSS7.1AI score0.03554EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/12/15 12:0 a.m.41 views

Photon OS 3.0: Grpc PHSA-2020-3.0-0176

An update of the grpc package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0176. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid144218;...

9.8CVSS8.8AI score0.03554EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/10 2:33 p.m.39 views

Security Bulletin: App Connect Enterprise Certified Container is vulnerable to code injection and Denial of Service attacks

Summary App Connect Enterprise Certified Container Integration Servers and Designers are vulnerable to code injection and Denial of Service attacks due to CVE-2020-7766 and CVE-2020-7768 Vulnerability Details CVEID: CVE-2020-7768 DESCRIPTION: Node.js grpc module is vulnerable to a denial of...

9.8CVSS1.7AI score0.03554EPSS
Exploits1Affected Software1
CVE
CVE
added 2020/11/11 10:20 a.m.126 views

CVE-2020-7768

CVE-2020-7768 affects gRPC in Node.js: the package grpc prior to 1.24.4 and @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. Impact details in sources describe a pollution path that could alter object prototypes, enabling unauthorized modification of o...

9.8CVSS8.5AI score0.03554EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2020/08/14 9:47 a.m.4 views

3architecture (>=1.0.0 <=1.7.0), 4coders-commons (>=0.0.1 <=0.0.2) +3711 more potentially affected by CVE-2020-7768 via grpc (>=1.0.0 <=1.24.3)

grpc NPM version =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =1.6.0, =0.0.2, =4.1.6-22, =0.0.1, =0.0.2 - @account-coddle/pokerfire =0.0.1 and more Source cves: CVE-2020-7768 Source advisory: SNYK:JS-GRPC-598671...

9.8CVSS7.1AI score0.03554EPSS
Exploits0
Rows per page
Query Builder