5 matches found
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
@3-shake/3design-ui (>=1.7.3 <=2.1.7), @aider/ui (>=0.0.1 <=0.9.0) +301 more potentially affected by CVE-2022-25645 via dset (>=1.0.1 <=3.1.1)
dset NPM version =1.0.1, =1.7.3, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =0.14.1, =2.8.2, =2.4.0, =2.4.0, =3.0.0, =1.0.0, =3.1.0 and more Source cves: CVE-2022-25645 Source advisory: OSV:GHSA-23WX-CGXQ-VPWX...
CVE-2022-25645
A flaw was found in the dset package via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains a proto, constructor, or prototype. This flaw allows an attacker to craft a malicious object, bypassing this check and achieving prototype...
CVE-2022-25645
All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achie...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to CVE-2022-25645
Summary Node.js module dset is used by IBM App Connect Enterprise Certified Container when managing or creating an API flow. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address...