Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2022/06/27 7:32 p.m.64 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS6.8AI score0.05664EPSS
Exploits3References26
vulnersOsv
vulnersOsv
added 2022/05/03 12:0 a.m.3 views

@3-shake/3design-ui (>=1.7.3 <=2.1.7), @aider/ui (>=0.0.1 <=0.9.0) +301 more potentially affected by CVE-2022-25645 via dset (>=1.0.1 <=3.1.1)

dset NPM version =1.0.1, =1.7.3, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =0.14.1, =2.8.2, =2.4.0, =2.4.0, =3.0.0, =1.0.0, =3.1.0 and more Source cves: CVE-2022-25645 Source advisory: OSV:GHSA-23WX-CGXQ-VPWX...

8.1CVSS7.4AI score0.0176EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2022/05/02 7:38 a.m.43 views

CVE-2022-25645

A flaw was found in the dset package via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains a proto, constructor, or prototype. This flaw allows an attacker to craft a malicious object, bypassing this check and achieving prototype...

8.1CVSS5AI score0.0176EPSS
Exploits1References5
NVD
NVD
added 2022/05/01 4:15 p.m.24 views

CVE-2022-25645

All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achie...

8.1CVSS0.0176EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/28 11:30 a.m.16 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to CVE-2022-25645

Summary Node.js module dset is used by IBM App Connect Enterprise Certified Container when managing or creating an API flow. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address...

8.1CVSS1.3AI score0.0176EPSS
Exploits1Affected Software1
Rows per page
Query Builder