2428 matches found
CVE-2021-40663
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
deep-assign security vulnerability
deep-assign is an npm package. A security vulnerability exists in the npm package deep.assign version 0.0.0-alpha.0, which is vulnerable to prototype pollution...
CVE-2022-31106
Underscore.deep (a set of Underscore mixins) before version 0.5.3 is vulnerable to prototype pollution via the deepFromFlat function. A crafted payload can pollute future Object constructions, potentially affecting code paths relying on deepPick/deepFromFlat. The validity of the vulnerability is ...
deep-get-set prototype pollution vulnerability
deep-get-set is used to set and obtain values on objects via dotted strings. All versions of the deep-get-set package suffer from a prototype pollution vulnerability that stems from uncontrolled modification of object prototype properties. An attacker could exploit...
Prototype Pollution
deep-get-set is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7715, allowing an attacker to gain control of the value of “deep” and modify attributes such as `__proto__`, `constructor` and `prototype`...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), @ngodn/apostrophe (>=2.94.2 <=2.94.7) +38 more potentially affected by CVE-2022-21231 via deep-get-set (>=0.1.1 <=1.1.1)
deep-get-set NPM version =0.1.1, =0.12.2, =2.94.2, =1.3.0, =0.0.1, =0.5.235, =2.94.1, =0.5.0, =0.5.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =2.93.0, =2.93.2 and more Source cves: CVE-2022-21231 Source advisory: OSV:GHSA-MJJJ-6P43-VHHV...
Prototype Pollution in deep-get-set
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
GHSA-MJJJ-6P43-VHHV Prototype Pollution in deep-get-set
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
CVE-2022-21231
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
Design/Logic Flaw
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
CVE-2022-21231
CVE-2022-21231 affects the deep-get-set package; all versions are vulnerable to prototype pollution via the deep function. The vulnerability stems from an incomplete fix of CVE-2020-7715. The available references describe the issue as a prototype pollution risk that could allow modification of Ob...
CVE-2022-21231 Prototype Pollution
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
CVE-2022-21231
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
deep-get-set security vulnerability
deep-get-set is used to set and obtain values on objects via dotted strings. All versions of the deep-get-set package suffer from a prototype pollution vulnerability that stems from uncontrolled modification of object prototype properties. An attacker could exploit...
Stack too deep error within BaseV1-periphery.sol
Lines of code: BaseV1-periphery.sol lines 323-341. Vulnerability details. Impact: Stack too deep error when using remove liquidity function, fixing issue allows for avoiding using optimizations thus increases the periphery contract's longevity/scalability. Proof of Concept: function...
MAL-2022-2393 Malicious code in deep-integrations (npm)
Source: ghsa-malware 701fc1ba4b0344605c351e6ee31de481a9b83be3551900d9a182a5e220388401 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in deep-integrations (npm)
Source: ghsa-malware 701fc1ba4b0344605c351e6ee31de481a9b83be3551900d9a182a5e220388401 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Friday Squid Blogging: Squid Changes Color from Black to Transparent
Neat video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
NVIDIA DGX input validation error vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. An input validation error vulnerability exists in NVIDIA DGX A100, which stems from incorrect validation of the SBIOS array index in IpSecDxe. An attacker could exploit this vulnerability to execute arbitrary...
NVIDIA DGX buffer error vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. The NVIDIA DGX A100 suffers from a buffer error vulnerability that originates from accessing an uninitialized pointer to SBIOS in Ofbd. An attacker could exploit this vulnerability to execute arbitrary code o...