EUVD-2021-1228

Malware in sbrugna...

EUVD-2021-2324

Malware in sbrugna...

GHSA-8GWJ-8HXC-285W Prototype Pollution in json-ptr

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

Prototype Pollution in json-ptr

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by CVE-2021-23509

Summary IBM App Connect Enterprise Certified Container may be affected by a prototype pollution flaw in the pointer parameter in json-ptr due to CVE-2021-23509 Vulnerability Details CVEID: CVE-2021-23509 DESCRIPTION: Node.js json-ptr module could allow a remote attacker to execute arbitrary code ...

Json-Ptr type obfuscation vulnerability

Json-Ptr is a full implementation of Json pointer Rfc 6901 for Nodejs and modern browsers. a security vulnerability exists in Json-Ptr, which stems from a design or implementation impropriety in the code development process of a web system or product. No details of the vulnerability are currently...

Prototype Pollution

json-ptr is vulnerable to prototype pollution. The vulnerability exists in 'setValueAtPath' and 'unsetValueAtPath' functions in 'util.ts' because the type of user provided keys are not properly validated. An attacker is able to inject properties into existing construct prototypes and modify...

CVE-2021-23509

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVE-2021-23509

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

Type confusion

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVE-2021-23509 Prototype Pollution

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVE-2021-23509

CVE-2021-23509 affects the json-ptr package prior to 3.0.0. The vulnerability is described as a type confusion in the pointer parameter that can be triggered by user-provided keys, potentially enabling a bypass of CVE-2020-7766 when those keys are arrays. Related advisories (GHSA, osv, NVD entrie...

Arbitrary Code Execution

json-ptr is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code on the host OS via the .get method due to lack of input validation...

@agentscript-ai/linear (>=0.1.0 <=0.9.0), @appscode/json-filter (>=0.0.1 <=0.0.6) +254 more potentially affected by unknown CVE via json-ptr (>=0.1.1 <=2.0.0)

json-ptr NPM version =0.1.1, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2.0.0-pr.1, =0.0.1-alpha.1, =1.0.1, =1.9.0, =1.6.0, =1.3.1, =2.1.1, =1.1.0, =1.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-RRQV-VJRW-HRCR...

GHSA-RRQV-VJRW-HRCR Arbitrary Code Execution in json-ptr

There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get method, your project is vulnerable to this injection-style vulnerability...

Arbitrary Code Execution in json-ptr

There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get method, your project is vulnerable to this injection-style vulnerability...

Arbitrary JavaScript Execution

Overview There is a security vulnerability in json-ptr versions prior to v2.1.0 in which an unscrupulous actor may execute arbitrary code. If your code sends un-sanitized user input to json-ptr's .get method, your project is vulnerable to this injection-style vulnerability. Recommendation Upgrade...

@agentscript-ai/linear (>=0.1.0 <=0.9.0), @appscode/json-filter (>=0.0.1 <=0.0.6) +254 more potentially affected by CVE-2020-7766 via json-ptr (>=0.1.1 <=2.0.0)

json-ptr NPM version =0.1.1, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2.0.0-pr.1, =0.0.1-alpha.1, =1.0.1, =1.9.0, =1.6.0, =1.3.1, =2.1.1, =1.1.0, =1.4.3 and more Source cves: CVE-2020-7766 Source advisory: OSV:GHSA-X5R6-X823-9848...

Arbitrary Code Execution in json-ptr

npm json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution...

GHSA-X5R6-X823-9848 Arbitrary Code Execution in json-ptr

npm json-ptr before 2.1.0 has an arbitrary code execution vulnerability. The issue occurs in the set operation when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution...