597 matches found
WordPress Extend Filter Products By Price Widget plugin <= 1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Extend Filter Products By Price Widget plugin versions <= 1.0. Solution: No patched version available...
Prototype Pollution
object-extend is vulnerable to prototype pollution. The vulnerability exists in the extend function of extend.js, which allows an attacker to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)
object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...
Prototype Pollution in object-extend
The package object-extend from 0.0.0 through 0.5.0 is vulnerable to Prototype Pollution via object-extend...
GHSA-M639-9WHG-FW97 Prototype Pollution in object-extend
The package object-extend from 0.0.0 through 0.5.0 is vulnerable to Prototype Pollution via object-extend...
CVE-2021-23702
The package object-extend from 0.0.0 is vulnerable to Prototype Pollution via object-extend...
CVE-2021-23702
CVE-2021-23702 relates to a Prototype Pollution vulnerability in the object-extend package. Public documentation across multiple sources confirms the flaw exists in the extend function of object-extend, enabling an attacker to inject properties into Object.prototype (e.g., via __proto__), potentiall...
CVE-2021-23702 Prototype Pollution
The package object-extend from 0.0.0 is vulnerable to Prototype Pollution via object-extend...
Prototype JavaScript framework code injection vulnerability
Prototype JavaScript framework (prototypejs) is a JavaScript development framework. A code injection vulnerability exists in Prototype JavaScript framework; it stems from object-extend being vulnerable to prototype pollution from version 0.0.0 onwards...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25173 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25173 Source advisory: OSV:GHSA-4M7P-55JM-3VW...
Prototype Pollution
Overview: Affected versions of this package are vulnerable to Prototype Pollution via object-extend. PoC (js): const extend = require("object-extend"); const payload = JSON.parse('{"__proto__":{"isAdmin":"yes"}}'); extend({}, payload); const obj = {"a":1}; console.log(obj.isAdmin) // print yes on arbitrary objects since...
moleculer-rabbitmq-extend-delay (=1.1.12) potentially affected by CVE-2020-7715 +1 more via deep-get-set (=1.1.1)
deep-get-set NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - moleculer-rabbitmq-extend-delay =1.1.12 Source cves: CVE-2020-7715, CVE-2022-21231 Source advisory: SNYK:JS-DEEPGETSET-2342655...
GHSA-GJM5-83CW-P3P2 Prototype Pollution in extend2
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge...
Prototype Pollution
extend2 is vulnerable to prototype pollution. The vulnerability exists in the extend function of index.js, as it allows an attacker to pass the value __proto__ through the name variable...
CVE-2021-23568
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge...
Code injection
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge...
SUSE SLED12 / SLES12 Security Update : net-snmp (SUSE-SU-2022:0030-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0030-1 advisory. - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run...
Prototype Pollution
Overview: extend2 is a fork of node-extend; the difference is that it overrides arrays as primitives when deep cloning. Affected versions of this package are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. POC (js): var e = require("extend2"); e(true, {},...