597 matches found

Snyk · added 2022/12/21 10:25 a.m. · 1 view

Prototype Pollution

Overview: whet.extend is described as "a sharped version of port of jQuery.extend that actually works on node.js". Affected versions of this package are vulnerable to Prototype Pollution due to improper user input sanitization when using the extend and findValue functions. Details: Prototype Pollution is a...

CVSS 8.7 · AI score 6.6
Exploits 0 · References 2
Snyk · added 2022/12/19 2:15 p.m. · 3 views

Prototype Pollution

Overview: rangy is a cross-browser DOM range and selection library. Affected versions of this package are vulnerable to Prototype Pollution when using the extend function in the file rangy-core.js. The function uses a recursive merge, which can allow an attacker to modify properties of Object.prototy...

CVSS 8.2 · AI score 8.4 · EPSS 0.00353
Exploits 1 · References 2
RedHat Linux · added 2022/11/02 4:34 p.m. · 2 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1 · AI score 6.5 · EPSS 0.01532
Exploits 4 · References 6
OSV · added 2022/09/16 5:41 p.m. · 22 views

GHSA-XG8P-34W2-J49J linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

CVSS 8.4 · AI score 9.1 · EPSS 0.00297
Exploits 1 · References 6
Github Security Blog · added 2022/09/16 5:41 p.m. · 22 views

linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

CVSS 9.8 · AI score 9 · EPSS 0.00297
Exploits 1 · References 5 · Affected Software 1
OSV · added 2022/09/16 12:00 a.m. · 0 views

GHSA-VWHQ-PM3R-FJM9 steal vulnerable to Prototype Pollution via key variable in babel.js

Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...

CVSS 9.8 · AI score 7.2 · EPSS 0.005
Exploits 0 · References 5
OSV · added 2022/09/15 1:15 p.m. · 11 views

CVE-2022-37266

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...

CVSS 9.8 · AI score 9.4
Exploits 0 · References 3
NVD · added 2022/09/15 1:15 p.m. · 10 views

CVE-2022-37266

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...

CVSS 9.8 · EPSS 0.005
Exploits 0 · References 3
ATTACKERKB · added 2022/09/15 1:15 p.m. · 2 views

CVE-2022-37266

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...

CVSS 9.8 · AI score 5.8 · EPSS 0.005
Exploits 0 · References 4
Cvelist · added 2022/09/15 12:27 p.m. · 11 views

CVE-2022-37266

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...

AI score 9.7 · EPSS 0.005
Exploits 0 · References 3
CNNVD · added 2022/09/15 12:00 a.m. · 1 view

steal security vulnerability

steal is an open-source, extensible general-purpose module loader from StealJS. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which stems from prototype pollution in the function extend in StealJS via the key variable in babel....

CVSS 9.8 · AI score 8.2 · EPSS 0.005
Exploits 0 · References 4
Positive Technologies · added 2022/09/15 12:00 a.m. · 3 views

PT-2022-23906 · Stealjs · Stealjs

Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4. Description: The issue is related to a prototype pollution vulnerability in the extend function in babel.js within stealjs steal. This vulnerability is exploited via the key variable in babel.js. Recommendations: F...

CVSS 9.8 · AI score 9.2 · EPSS 0.005
Exploits 0 · References 8
Cvelist · added 2022/09/07 10:50 p.m. · 12 views

CVE-2022-36086 linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because...

CVSS 8.4 · AI score 9.7 · EPSS 0.00297
Exploits 1 · References 2
OSV · added 2022/09/07 12:00 p.m. · 17 views

RUSTSEC-2022-0063 Multiple vulnerabilities resulting in out-of-bounds writes

The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because of metadata write operations. When calling Heap::extend with a size smaller than two...

CVSS 8.4 · AI score 9.1 · EPSS 0.00297
Exploits 1 · References 3
NVD · added 2022/08/16 1:15 a.m. · 7 views

CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models...

CVSS 8.8 · EPSS 0.00953
Exploits 1 · References 2
OSV · added 2022/08/16 1:15 a.m. · 2 views

CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 2
Fedora · added 2022/07/04 1:35 a.m. · 19 views

[SECURITY] Fedora 36 Update: powerline-go-1.21.0-4.fc36

A Powerline-like prompt for Bash, ZSH and Fish. - Shows some important details about the git/hg branch - Changes color if the last command exited with a failure code - If you're too deep into a directory tree, shortens the displayed path with an ellipsis - Shows the current Python virtualenv...

CVSS 9.3 · AI score 8.3 · EPSS 0.00963
Exploits 4
Fedora · added 2022/07/04 1:35 a.m. · 14 views

[SECURITY] Fedora 36 Update: golang-github-oklog-0.3.2-11.20190701gitca7cdf5.fc36

OK Log is a distributed and coordination-free log management system for big ol' clusters. It's an on-prem solution that's designed to be a sort of building block: easy to understand, easy to operate, and easy to extend...

CVSS 9.3 · AI score 8.9 · EPSS 0.00963
Exploits 4
vulnersOsv · added 2022/05/24 4:55 p.m. · 1 view

com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0) potentially affected by CVE-2019-10390 via com.splunk.splunkins:splunk-devops (>=1.0 <=1.7.0)

com.splunk.splunkins:splunk-devops MAVEN version >=1.0, <=1.7.0. Source cves: CVE-2019-10390. Source advisory: OSV:GHSA-CJR8-5RW4-WH65...

CVSS 8.8 · AI score 7.2 · EPSS 0.00052
Exploits 0
Fedora · added 2022/04/28 5:55 a.m. · 25 views

[SECURITY] Fedora 34 Update: golang-github-oklog-0.3.2-9.20190701gitca7cdf5.fc34

OK Log is a distributed and coordination-free log management system for big ol' clusters. It's an on-prem solution that's designed to be a sort of building block: easy to understand, easy to operate, and easy to extend...

CVSS 7.5 · AI score 10 · EPSS 0.00089
Exploits 0