Prototype Pollution

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Prototype Pollution in the JSON deserialization process. An attacker can manipulate the prototype of objects by supplying malicious object keys during deserialization. Details Prototype Pollution is a...

HPE Systems Insight Manager AMF Deserialization RCE

A remotely exploitable vulnerability exists within HPE System Insight Manager SIM version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The...

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

Jackson-Databind framework json deserialization code execution vulnerability analysis-vulnerability warning-the black bar safety net

2017/04/11, ayound reported a Jackson Databind framework json deserialization vulnerability, an attacker exploit the vulnerability in the server on the host to execute arbitrary code or system commands, obtain the web server control. Affected versions: The jackson databind 2.7.10 and 2. 8. 9 The...