49 matches found
Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System
Summary Multiple Vulnerabilities have been addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable v...
Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
ROOT-APP-NPM-CVE-2026-33228 CVE-2026-33228 in @rootio/flatted - Patched by Root
Root has patched CVE-2026-33228 in the @rootio/flatted package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-32141 CVE-2026-32141 in @rootio/flatted - Patched by Root
Root has patched CVE-2026-32141 in the @rootio/flatted package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities
Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228.
Summary IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circul...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.3 Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as...
CVE-2026-33228
A flaw was found in flatted, a JavaScript Object Notation JSON parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse function in flatted fails to properly validate string values used as array...
Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench ist affected by leaking a live reference to Array.Prototype
Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...
Linux Distros Unpatched Vulnerability : CVE-2026-33228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direc...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
UBUNTU-CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228 flatted: Prototype Pollution via parse()
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228 flatted: Prototype Pollution via parse()
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228 flatted: Prototype Pollution via parse()
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228
Flatted (JSON circular parser) is affected. Prior to 3.4.2, its parse() could treat attacker-controlled string values as direct array index keys, and using the key proto on the internal Array could expose Array.prototype to the output, enabling prototype pollution. The issue has been patched in v...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...
CVE-2026-33228
flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...