Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 7:59 p.m.43 views

DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

5.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 7:59 p.m.13 views

GHSA-76MC-F452-CXCM DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

6.1CVSS5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.8 views

PT-2026-26465

Name of the Vulnerable Software and Affected Versions flatted versions prior to 3.4.2 Description flatted is a circular JSON parser. The parse function does not validate that string values from the parsed JSON used as array index keys are numeric. This allows attacker-controlled strings, such as ...

9.8CVSS5.5AI score0.00808EPSS
Exploits1References24
Prion
Prion
added 2021/10/20 1:15 p.m.12 views

Code injection

This affects all versions of package x-assign. The global proto object can be polluted using the proto object...

7.5CVSS9.4AI score0.015EPSS
Exploits1References2
Rows per page
Query Builder