7 matches found
Malicious Package
Overview json-merge-tool is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in json-merge-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...
MAL-2026-1297 Malicious code in json-merge-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...
[SECURITY] Fedora 36 Update: golang-github-evanphx-json-patch-5.5.0-3.fc36
Jsonpatch is a library which provides functionallity for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...
Paul Humphreys patchmerge 安全漏洞
Paul Humphreys patchmerge is Paul Humphreys an open source application . Provides an implementation of JSON Merge Patch RFC 7396 with extensions to support merging arrays of objects . A security vulnerability exists in patchmerge versions 1.0.0 through 1.0.1 that can be exploited by an attacker t...
Prototype Pollution in pierreinglebert/json-merge-patch
Description json-merge-patch is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following Po...
Node.js third-party modules: [json8-merge-patch] Prototype Pollution
I would like to report a Prototype Pollution vulnerability in json8-merge-patch The apply function fails to restrict access to prototypes of objects, allowing for modification of prototype behavior. Module module name: json8-merge-patch version: v1.0.1 npm page:...