EUVD-2019-0308

Malware in sbrugna...

Prototype Pollution

steal is vulnerable to prototype pollution. The vulnerability exists because of lack of validation in convertLater function in npm-convert.js which allows an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or contaminating th...

Prototype Pollution

ts-deepmerge is vulnerable to pollution prototype. The vulnerability exists because of missing sanitization of the merge parameters in 'src/index.test.ts', allowing an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or...

deep-get-set prototype contamination vulnerability

deep-get-set is used to set and obtain values on objects via dotted strings. deep-get-set package in all versions suffers from a prototype pollution vulnerability that stems from the vulnerability of products to uncontrolled modification of object prototype properties. An attacker could exploit...

CVE-2022-22833

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...

Security Bulletin: Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258)

Summary There is a Dojo vulnerability in WebSphere Liberty used by Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype...

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258)

Summary Dojo vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by...

[SECURITY] [DLA 2139-1] dojo security update

Package : dojo Version : 1.10.2+dfsg-1+deb8u3 CVE ID : CVE-2020-5258 CVE-2020-5259 Debian Bug : 953585 953587 The following CVEs were reported against dojo: CVE-2020-5258 In affected versions of dojo, the deepCopy method is vulnerable to Prototype Pollution. An attacker could manipulate these...

Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal Arbitrary File Access

The installed version of Nombas ScriptEase Web Server Edition for NetWare on the remote host fails to sanitize input to the 'sewse.nlm' page and associated 'viewcode.jse' script before using it to display the source code of a file. By passing in a specially crafted URL argument, an attacker can...