Lucene search
K

7 matches found

Snyk
Snyk
added 2026/03/09 10:44 p.m.5 views

Malicious Package

Overview json-merge-tool is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/09 10:44 p.m.6 views

Malicious code in json-merge-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/09 10:44 p.m.4 views

MAL-2026-1297 Malicious code in json-merge-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f16e8d9c37feb30d5a44f7a94620c3a09d182a34cd5ccc1e7c97aaf4a991ab10 The package json-merge-tool was found to contain malicious code. Source: ghsa-malware 4bb041118bdac1123bd722a9b1f99ddb6ca406f7ce80d5de344b2c36614b89e...

5.7AI score
Exploits0References1
Fedora
Fedora
added 2022/07/04 1:35 a.m.25 views

[SECURITY] Fedora 36 Update: golang-github-evanphx-json-patch-5.5.0-3.fc36

Jsonpatch is a library which provides functionallity for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

9.3CVSS8.2AI score0.05994EPSS
Exploits4
CNNVD
CNNVD
added 2021/03/16 12:0 a.m.4 views

Paul Humphreys patchmerge 安全漏洞

Paul Humphreys patchmerge is Paul Humphreys an open source application . Provides an implementation of JSON Merge Patch RFC 7396 with extensions to support merging arrays of objects . A security vulnerability exists in patchmerge versions 1.0.0 through 1.0.1 that can be exploited by an attacker t...

9.8CVSS8.7AI score0.03507EPSS
Exploits1References3
Huntr
Huntr
added 2020/09/14 12:0 a.m.16 views

Prototype Pollution in pierreinglebert/json-merge-patch

Description json-merge-patch is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following Po...

1.7AI score
Exploits0
Hacker One
Hacker One
added 2020/09/12 11:53 a.m.60 views

Node.js third-party modules: [json8-merge-patch] Prototype Pollution

I would like to report a Prototype Pollution vulnerability in json8-merge-patch The apply function fails to restrict access to prototypes of objects, allowing for modification of prototype behavior. Module module name: json8-merge-patch version: v1.0.1 npm page:...

5CVSS0.7AI score0.01277EPSS
Exploits1
Rows per page
Query Builder