3id-connect (>=1.0.0-alpha.3 <=1.0.0-beta.15), 3id-connect-codingsh (>=1.0.0-alpha.6 <=1.0.0-alpha.7) +960 more potentially affected by CVE-2021-4279 via fast-json-patch (>=0.0.2 <=3.1.0)

fast-json-patch NPM version =0.0.2, =1.0.0-alpha.3, =1.0.0-alpha.6, =0.1.0, =0.1.1, =0.2.4, =1.0.0, =1.0.0-alpha.1, =1.1.0, =2.0.0, =1.0.2, =2.0.3, =1.0.3, =1.0.3, =0.0.4-beta.1, =1.1.0 and more Source cves: CVE-2021-4279 Source advisory: OSV:GHSA-8GH8-HQWG-XF34...

Prototype Pollution in starcounter-jack/json-patch

Description fast-json-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let fastjsonpatch = require"fast-json-patch"; functio...

@adobe/adobe-photoshop-api-sdk (>=1.1.0 <=1.1.1), @adobe/aio-lib-analytics (=2.0.0) +23 more potentially affected by unknown CVE via fast-json-patch (>=2.0.4 <=2.1.0)

fast-json-patch NPM version =2.0.4, =1.1.0, =2.0.3, =1.0.3, =1.0.3, =0.0.4-beta.1, =2.0.2, =1.2.2, =0.3.0, =0.1.0, =2.1.32, =1.0.0, =1.2.3 and more Source cves: unknown CVE Source advisory: SNYK:JS-FASTJSONPATCH-595663...

Prototype Pollution

Overview fast-json-patch is a leaner and meaner implementation of JSON-Patch. Affected versions of this package are vulnerable to Prototype Pollution via applyPatch and applyOperation in fast-json-patch.js. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution...