3 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-37598
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...
CVE-2022-37598
CVE-2022-37598 describes a prototype pollution in Mishoo UglifyJS 3.13.2’s ast.js DEFNODE function, triggered via the name variable and payloads that modify Object.prototype. The connected sources show multiple advisories referencing the same vulnerability in the UglifyJS module, including notes ...