13 matches found
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
EUVD-2022-7326
Malicious code in bioql PyPI...
Prototype Pollution
deep-parse-json is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to add new properties to an object through proto attribute...
GHSA-FF9J-PWXG-Q5P2 deep-parse-json vulnerable to Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto property to be edited...
@companydotcom/company-skynet-core (>=1.0.2 <=2.0.17), @companydotcom/micro-application-core (>=2.0.7 <=2.0.18-alpha.0) +10 more potentially affected by CVE-2022-42743 via deep-parse-json (>=1.0.1 <=1.0.2)
deep-parse-json NPM version =1.0.1, =1.0.2, =2.0.7, =0.0.1, =0.0.1, =0.0.19, =6.5.7, =5.3.0, =1.0.0, =0.0.6, =0.0.1, =0.0.13 - redux-persist-nedb-storage =0.1.0 Source cves: CVE-2022-42743 Source advisory: OSV:GHSA-FF9J-PWXG-Q5P2...
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
Code injection
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-42743
CVE-2022-42743 affects the deep-parse-json library, version 1.0.2. The root cause is improper validation of incoming JSON keys, allowing the proto property to be edited, enabling prototype pollution where an external attacker can edit/add object properties. Impact stated across sources: remote ma...
CVE-2022-42743 deep-parse-json 1.0.2 - Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-42743 deep-parse-json 1.0.2 - Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
deep-parse-json 安全漏洞
deep-parse-json is a Javascript function for recursively parsing stringified json by Sibaprasad Maiti Personal Developer. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...
PT-2022-26533 · Unknown · Deep-Parse-Json
Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto...