Lucene search
+L

623 matches found

RedHat Linux
RedHat Linux
added 2019/06/11 3:32 p.m.4 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
OSV
OSV
added 2019/04/26 4:29 p.m.72 views

GHSA-6C3J-C64M-QHGQ XSS in jQuery as used in Drupal, Backdrop CMS, and other products

jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.8AI score0.87218EPSS
Exploits4References110
BDU FSTEC
BDU FSTEC
added 2019/04/23 12:0 a.m.10 views

The vulnerability of the jQuery.extend() function in the jQuery library allows a hacker to trigger a denial-of-service attack, execute arbitrary JavaScript code, or enhance their privileges.

The vulnerability of the jQuery.extend function in the jQuery library is related to the lack of restrictions on changes to the “proto” property when performing the extend operation. Exploiting this vulnerability can allow a malicious actor to cause service failures, execute arbitrary JavaScript...

8.1CVSS7.1AI score0.87218EPSS
Exploits4References21Affected Software65
RubySec
RubySec
added 2019/04/19 12:0 a.m.41 views

Prototype pollution attack through jQuery $.extend

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS2.2AI score0.87218EPSS
Exploits4References1Affected Software1
OSV
OSV
added 2019/04/17 8:30 p.m.2 views

DRUPAL-CORE-2019-006

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue, , .... If an unsanitized source object...

6.1CVSS6.6AI score0.87218EPSS
Exploits4References1
Veracode
Veracode
added 2019/04/04 5:38 a.m.10 views

Prototype Pollution

smart-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties on Prototype objects to execute arbitrary code or cause a denial of service...

7.6AI score
Exploits0
Node.js
Node.js
added 2019/04/04 2:47 a.m.13 views

Prototype Pollution

Overview All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider usi...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/04/02 9:6 p.m.122 views

Prototype Pollution

Overview Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects. Recommendation Upgrade to version 3.4.0 or later. References - HackerOne Report -...

7.6AI score
Exploits3Affected Software1
Snyk
Snyk
added 2019/03/26 8:40 a.m.2 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. The extend function can be tricked into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that wi...

6.1CVSS8.1AI score0.87218EPSS
Exploits4References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/03/25 12:0 a.m.98 views

[20190403] - Core - Object.prototype pollution in JQuery $.extend

The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks...

6.1CVSS2.5AI score0.87218EPSS
Exploits4Affected Software1
CVE0DAY
CVE0DAY
added 2019/03/06 1:41 p.m.135 views

Linux Kernel CVE-2019-9213 NULL Dereferences

By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...

4.9CVSS6.6AI score0.05667EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2019/02/07 6:17 p.m.6 views

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +710 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)

node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...

9.8CVSS7.2AI score0.01719EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/02/07 6:17 p.m.6 views

@feidao-factory/server (>=5.0.201901071713 <=5.0.201901251726), @feidao-factory/service (>=5.0.201812141540 <=5.0.201901071619) +39 more potentially affected by CVE-2018-16491 via node.extend (=2.0.0)

node.extend NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node.extend and may be impacted: - @feidao-factory/server =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =0.0.1, =1.0.0,...

9.8CVSS7.2AI score0.01719EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/02/07 6:17 p.m.6 views

@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)

just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...

9.8CVSS7.2AI score0.01836EPSS
Exploits1
OSV
OSV
added 2019/02/07 6:17 p.m.34 views

GHSA-675M-85RW-J3W4 Prototype Pollution in just-extend

Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later...

9.8CVSS9.4AI score0.01836EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2019/02/07 6:17 p.m.31 views

Prototype Pollution in just-extend

Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later...

9.8CVSS4.3AI score0.01836EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2019/02/07 6:3 p.m.7 views

08cms (=1.0.0), 1-of (>=1.0.0 <=1.0.1) +4827 more potentially affected by CVE-2018-16492 via extend (>=1.1.3 <=2.0.1)

extend NPM version =1.1.3, =1.0.0, =0.7.0, =0.1.0, =0.0.2, =0.0.1, =0.0.0, =0.1.4, =1.16.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...

9.8CVSS7.2AI score0.0305EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/02/07 6:3 p.m.5 views

192.168.0.172 (=4.6.1), 3nit-utils (>=0.13.0 <=1.0.2) +2496 more potentially affected by CVE-2018-16492 via extend (>=3.0.0 <=3.0.1)

extend NPM version =3.0.0, =0.13.0, =1.3.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =3.0.0, =0.1.1, =5.0.0-alpha.1, =1.0.0, =1.0.0, =2018.6.20-0, =2018.8.16-1 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...

9.8CVSS7.2AI score0.0305EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2019/02/07 6:3 p.m.34 views

Prototype Pollution in extend

Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're using...

9.8CVSS5.6AI score0.0305EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2019/02/07 6:3 p.m.7 views

GHSA-QRMC-FJ45-QFC2 Prototype Pollution in extend

Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're using...

9.8CVSS7.2AI score0.0305EPSS
Exploits1References6
Rows per page
Query Builder