2433 matches found
Basecamp: Able to steal bearer token from deep link
Prerequisites Prior to exploitation you would be required to know the "account id" of the user that you are attacking. Whilst this makes it difficult to attack an application in a generic way - the account is not secret information as it is included in any links to a user's basecamp organisatio...
Netscout nGeniusONE Open Redirect Vulnerability
Netscout nGeniusONE is a network performance management appliance from Netscout, Inc. with a next-generation Deep Packet Inspection (DPI) engine that enables fast, real-time, context-sensitive business, network, and application performance analysis of large amounts of data. nGeniusONE is vulnerable...
CVE-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
PT-2021-23097 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.0 Description: A cross-site request forgery issue has been discovered in the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface. This issue can be exploited withou...
react-here-map-interactive (>=0.0.1 <=0.9.2) potentially affected by CVE-2021-23700 via merge-deep2 (=3.0.6)
merge-deep2 NPM version =3.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on merge-deep2 and may be impacted: - react-here-map-interactive >=0.0.1, <=0.9.2 Source CVEs: CVE-2021-23700 Source advisory: SNYK:JS-MERGEDEEP2-1727593...
Agents are not enough: Why cloud security needs agentless deep scanning
In this post, we’re going to dive into the role and limitations of security agents in the cloud, and put forth a different approach for cloud infrastructure security: agentless deep scanning...
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?
Hackers are upping their game, using an approach I call “Deep Sea Phishing,” which is the use of a combination of the techniques described below to become more aggressive. To keep pace, cybersecurity innovators have been working diligently to develop tools, techniques and resources to improve...
@cookiex/class-state (>=0.0.1 <=0.0.2), @cookiex/cli (>=0.2.10 <=0.2.11-0) +3 more potentially affected by CVE-2021-23442 via @cookiex/deep (>=0.0.1 <=0.0.6)
@cookiex/deep NPM version =0.0.1, =0.0.1, =0.2.10, =0.0.0, =0.1.2, =0.1.3 Source cves: CVE-2021-23442 Source advisory: OSV:GHSA-92V9-XH2Q-FQ9F...
Prototype Pollution in cookiex/deep
The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the __proto__ object...
GHSA-92V9-XH2Q-FQ9F Prototype Pollution in cookiex/deep
The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the __proto__ object...
Prototype Pollution
@cookiex/deep is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the assigner function...
CVE-2021-23442
This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object...
CVE-2021-23442 Prototype Pollution
This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object...
CVE-2021-23442
The CVE-2021-23442 issue affects the npm package @cookiex/deep, where the global Object proto can be polluted via __proto__. The root cause is prototype pollution in the library, impacting all versions prior to 0.0.7. Documented references (GHSA, OSV, Veracode, NVD) indicate high impact with potenti...
What is the Dark Web? The Dark Web explained
You may have seen the Dark Web referenced in popular TV shows and have gotten the wrong idea, or if you already knew about it, you may have snorted in derision. The Dark Web is also sometimes called the Deep Web, when in fact the Dark Web is only a part of the Deep Web. Terminology Surface Web is...
Cookiex-Deep Security Vulnerability
Cookiex-Deep is a library. It is used to add object recursion to a target. Cookiex-Deep has a security vulnerability that can be exploited by an attacker to cause proto objects to contaminate global proto objects...
PT-2021-15527 · Npm · @Cookiex/Deep
Name of the Vulnerable Software and Affected Versions: @cookiex/deep versions prior to 0.0.7 Description: The issue allows pollution of the global proto object using the __proto__ object. This can potentially lead to unintended behavior or security issues in applications that use the @cookiex/deep...
@cookiex/class-state (>=0.0.1 <=0.0.2), @cookiex/cli (>=0.2.10 <=0.2.11-0) +3 more potentially affected by CVE-2021-23442 via @cookiex/deep (>=0.0.1 <=0.0.6)
@cookiex/deep NPM version =0.0.1, =0.0.1, =0.2.10, =0.0.0, =0.1.2, =0.1.3 Source cves: CVE-2021-23442 Source advisory: SNYK:JS-COOKIEXDEEP-1582793...