623 matches found
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
GHSA-6C3J-C64M-QHGQ XSS in jQuery as used in Drupal, Backdrop CMS, and other products
jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...
The vulnerability of the jQuery.extend() function in the jQuery library allows a hacker to trigger a denial-of-service attack, execute arbitrary JavaScript code, or enhance their privileges.
The vulnerability of the jQuery.extend function in the jQuery library is related to the lack of restrictions on changes to the “proto” property when performing the extend operation. Exploiting this vulnerability can allow a malicious actor to cause service failures, execute arbitrary JavaScript...
Prototype pollution attack through jQuery $.extend
jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...
DRUPAL-CORE-2019-006
The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue, , .... If an unsanitized source object...
Prototype Pollution
smart-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties on Prototype objects to execute arbitrary code or cause a denial of service...
Prototype Pollution
Overview All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider usi...
Prototype Pollution
Overview Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects. Recommendation Upgrade to version 3.4.0 or later. References - HackerOne Report -...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution. The extend function can be tricked into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that wi...
[20190403] - Core - Object.prototype pollution in JQuery $.extend
The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks...
Linux Kernel CVE-2019-9213 NULL Dereferences
By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +710 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)
node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...
@feidao-factory/server (>=5.0.201901071713 <=5.0.201901251726), @feidao-factory/service (>=5.0.201812141540 <=5.0.201901071619) +39 more potentially affected by CVE-2018-16491 via node.extend (=2.0.0)
node.extend NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node.extend and may be impacted: - @feidao-factory/server =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =0.0.1, =1.0.0,...
@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)
just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...
GHSA-675M-85RW-J3W4 Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later...
Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later...
08cms (=1.0.0), 1-of (>=1.0.0 <=1.0.1) +4827 more potentially affected by CVE-2018-16492 via extend (>=1.1.3 <=2.0.1)
extend NPM version =1.1.3, =1.0.0, =0.7.0, =0.1.0, =0.0.2, =0.0.1, =0.0.0, =0.1.4, =1.16.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...
192.168.0.172 (=4.6.1), 3nit-utils (>=0.13.0 <=1.0.2) +2496 more potentially affected by CVE-2018-16492 via extend (>=3.0.0 <=3.0.1)
extend NPM version =3.0.0, =0.13.0, =1.3.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =3.0.0, =0.1.1, =5.0.0-alpha.1, =1.0.0, =1.0.0, =2018.6.20-0, =2018.8.16-1 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...
Prototype Pollution in extend
Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're using...
GHSA-QRMC-FJ45-QFC2 Prototype Pollution in extend
Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're using...