4 matches found
@adyen/adyen-salesforce-pwa (>=1.0.0 <=1.2.0), @argodigital/formula-request (>=1.0.0 <=1.1.1) +135 more potentially affected by CVE-2024-34273 via njwt (>=0.0.1 <=2.0.0)
njwt NPM version =0.0.1, =1.0.0, =1.0.0, =0.10.1, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =1.1.0, =0.0.1, =1.0.0, =1.1.25 - @harrymoore/jwt-proxy =1.0.0 - @iarna/atest =1.1.0 and more Source cves: CVE-2024-34273 Source advisory: OSV:GHSA-3HVJ-2783-34X2...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
CVE-2024-34273
CVE-2024-34273 affects njwt up to v0.4.0, with a prototype pollution flaw in Parser.prototype.parse. Public records consistently identify the issue as this library’s Parser.parse pollution vector, not a general exploit chain. CVSS metrics document Network access, high complexity, and no privilege...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...