ROOT-APP-NPM-CVE-2026-33228 CVE-2026-33228 in @rootio/flatted - Patched by Root

Root has patched CVE-2026-33228 in the @rootio/flatted package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-32141 CVE-2026-32141 in @rootio/flatted - Patched by Root

Root has patched CVE-2026-32141 in the @rootio/flatted package for Root:npm. Multiple fixed versions available...

Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228.

Summary IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circul...

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.3 Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as...

CVE-2026-33228

A flaw was found in flatted, a JavaScript Object Notation JSON parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse function in flatted fails to properly validate string values used as array...

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench ist affected by leaking a live reference to Array.Prototype

Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...

Linux Distros Unpatched Vulnerability : CVE-2026-33228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

UBUNTU-CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2026-33228

Flatted (JSON circular parser) is affected. Prior to 3.4.2, its parse() could treat attacker-controlled string values as direct array index keys, and using the key proto on the internal Array could expose Array.prototype to the output, enabling prototype pollution. The issue has been patched in v...

CVE-2026-33228 flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2026-33228 flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2026-33228 flatted: Prototype Pollution via parse()

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

flatted 安全漏洞

Flatted is a lightweight and fast cycle-based JSON parser developed by Andrea Giammarchi. Versions of Flatted prior to 3.4.2 contained a security vulnerability. This vulnerability stemmed from the parse function not verifying whether the string values controlled by the attacker were actually...

@ahmttyydn/pre-post-request-scripts (>=1.0.0 <=1.0.9), @alfresco/adf-testing (=6.0.0-A.2-8258) +360 more potentially affected by CVE-2026-33228 via flatted (>=3.0.1 <=3.4.1)

flatted NPM version =3.0.1, =1.0.0, =0.0.2, =1.1.0, =1.0.0, =1.0.0, =0.0.10, =0.0.11, =0.0.4, =1.0.0, =0.0.20, =0.0.19, =1.2.2, =1.5.8 and more Source cves: CVE-2026-33228 Source advisory: SNYK:JS-FLATTED-15700433...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the prototype chain by supplying a specially crafted string that causes the returned object to reference Array.prototype, allowing subsequent writes to that property...