6 matches found
CVE-2024-38985
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
@51yzone/pc-components (>=1.0.2 <=1.2.27), @ahooksjs/antd-form-table (>=0.2.1 <=0.2.15-alpha.1) +186 more potentially affected by CVE-2024-38985 via cool-path (=0.1.32)
cool-path NPM version =0.1.32 is affected by a known vulnerability. The following packages have a transitive dependency on cool-path and may be impacted: - @51yzone/pc-components =1.0.2, =0.2.1, =0.0.1, =0.0.1, =0.2.10, =0.2.10, =0.0.1, =1.0.0, =0.1.11, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.9-beta...
CVE-2024-38985
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38985
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38985
janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set method at setIn lib/index.js:90. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38985
Prototype pollution in depath v1.0.6 and cool-path v1.1.2 via the set() method in setIn (lib/index.js:90). This allows injection of arbitrary properties and may enable arbitrary code execution or DoS. Affected: janryWang depath v1.0.6 and janryWang cool-path v1.1.2. Public references confirm the ...