Lucene search
+L

4 matches found

OSV
OSV
added 2026/04/03 4:4 a.m.2 views

GHSA-QH3J-MRG8-F234 Signal K Server: Arbitrary Prototype Read via `from` Field Bypass

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

5.3CVSS6.5AI score0.00308EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/03 4:4 a.m.8 views

Signal K Server: Arbitrary Prototype Read via `from` Field Bypass

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

6.5CVSS6.5AI score0.00308EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 4:20 p.m.19 views

CVE-2026-35038 signalk-server: Arbitrary Prototype Read via `from` Field Bypass

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...

5.3CVSS0.00308EPSS
Exploits1References2
OSV
OSV
added 2026/04/02 4:20 p.m.2 views

CVE-2026-35038 signalk-server: Arbitrary Prototype Read via `from` Field Bypass

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via from field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal...

5.3CVSS6AI score0.00308EPSS
Exploits1References4
Rows per page
Query Builder