2428 matches found
GHSA-V42Q-78W8-8FCC set-deep-prop Prototype Pollution
All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...
CVE-2021-23373
All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...
Design/Logic Flaw
All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...
CVE-2021-23373 Prototype Pollution
All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...
CVE-2021-23373
The CVE-2021-23373 entry concerns set-deep-prop, where the main functionality is vulnerable to Prototype Pollution. Multiple connected sources confirm the vulnerability in set-deep-prop (e.g., GHSA, Veracode, Snyk) and describe how an attacker can pollute Object.prototype via the library’s setDee...
CVE-2021-23373
All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...
set-deep-prop Security Vulnerability
set-deep-prop is a tool for setting the values of deeply nested objects and arrays. A security vulnerability exists in set-deep-prop, which stems from the package being vulnerable to prototype pollution...
PT-2022-9395 · Unknown · Set-Deep-Prop
Name of the Vulnerable Software and Affected Versions: set-deep-prop (affected versions not specified). Description: The issue affects the main functionality of the package, allowing for Prototype Pollution. Recommendations: At the moment, there is no information about a newer version that contains ...
Friday Squid Blogging: Bathyteuthis berryi Holding Eggs
Image and video of a Bathyteuthis berryi carrying a few hundred eggs, taken at a depth of 4,650 feet. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Open-Xchange OX App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite versions 7.10.5 and below, which stems from deep links in E-Mail e.g., links to Drive files that are not checked for...
IBM QRadar Network Security Trust Management Issue Vulnerability
IBM QRadar Network Security is a network security manager from IBM, USA, used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. IBM QRadar Network...
Uncontrolled Recursion
Overview: std/encoding/gob is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...
CVE-2020-21405
CVE-2020-21405 affects H96 Smart TV Box H96 Pro Plus. The issue allows an attacker to corrupt files via calls to the saveDeepColorAttr service. Root cause details are not provided in the supplied documents. CVSS v3.1 base score 7.5 (HIGH), vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Exploitation...
Uncontrolled Recursion
Overview: std/encoding/xml is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion. Remediation...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
DLS Path Traversal Vulnerability
DLS is a GUI-based deep learning platform open-sourced by SummaLabs. DLS version 0.1.0 and previous versions have a security vulnerability that stems from an incorrect Flask sendfile function call, which leads to absolute path traversal...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. The cause of the issue is a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
DeepTraffic - Deep Learning Models For Network Traffic Classification
For more information please read our papers. Wei Wang's Google Scholar Homepage. Wei Wang, Xuewen Zeng, Xiaozhou Ye, Yiqiang Sheng and Ming Zhu, "Malware Traffic Classification Using Convolutional Neural Networks for Representation Learning," in the 31st International Conference on Information...
Huawei MindSpore Community numeric error vulnerability
Huawei MindSpore Community is an open source deep learning framework from Huawei China. A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...
golang: regexp: stack exhaustion via a deeply nested expression
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...