RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. - kubernetes: Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal CVE-2019-11249 -...

Prototype Pollution

Overview org.webjars.npm:jsondiffpatch is a JSON diff & patch object and array diff, text diff, multiple output formats Affected versions of this package are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform...

Out-of-bounds Read

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Out-of-bounds Read in the from field of JSON-patch operations. An attacker can access internal Node.js functions and prototype state by crafting a payload that targe...

EUVD-2022-4885

Malicious code in bioql PyPI...

EUVD-2022-7564

Malicious code in bioql PyPI...

GHSA-J777-63HF-HX76 Envoy Admin Interface Exposed through prometheus metrics endpoint

Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...

SUSE CVE-2019-1002100

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" e.g. kubectl patch --type json or "Content-Type: application/json-patch+json" that consumes...

3id-connect (>=1.0.0-alpha.3 <=1.0.0-beta.15), 3id-connect-codingsh (>=1.0.0-alpha.6 <=1.0.0-alpha.7) +960 more potentially affected by CVE-2021-4279 via fast-json-patch (>=0.0.2 <=3.1.0)

fast-json-patch NPM version =0.0.2, =1.0.0-alpha.3, =1.0.0-alpha.6, =0.1.0, =0.1.1, =0.2.4, =1.0.0, =1.0.0-alpha.1, =1.1.0, =2.0.0, =1.0.2, =2.0.3, =1.0.3, =1.0.3, =0.0.4-beta.1, =1.1.0 and more Source cves: CVE-2021-4279 Source advisory: OSV:GHSA-8GH8-HQWG-XF34...

Starcounter-Jack JSON-Patch Prototype Pollution vulnerability

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be initiated remotely...

CVE-2021-4279

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be initiated remotely...

CVE-2021-4279

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be initiated remotely...

CVE-2021-4279 Starcounter-Jack JSON-Patch prototype pollution

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack can be initiated remotely...

CVE-2021-4279

CVE-2021-4279 refers to a prototype pollution vulnerability in Starcounter-Jack JSON-Patch up to version 3.1.0. The issue allows manipulation of Object.prototype attributes and can be triggered remotely. Public disclosures describe a patch in 3.1.1 (patch name 7ad6af41eabb2d799f698740a91284d762c9...

JSON-Patch 安全漏洞

JSON-Patch is a streamlined and averaged Javascript implementation of the JSON Patch standard RFC 6902 by the individual developer Joachim Wester. A security vulnerability exists in JSON-Patch versions prior to 3.1.1, which stems from a prototype contamination that can lead to improperly controll...

PT-2022-11597 · Unknown · Chbrown Rfc6902

Name of the Vulnerable Software and Affected Versions: chbrown rfc6902 affected versions not specified Description: A problematic vulnerability has been found in chbrown rfc6902, affecting an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of obje...

chbrown rfc6902 安全漏洞

rfc6902 is an implementation of rfc6902 in TypeScript by the individual developer Christopher Brown. A security vulnerability exists in chbrown rfc6902, which stems from the fact that incorrect operation can lead to prototype contamination...

Information Disclosure

spring-data-rest-webmvc is vulnerable to information disclosure. The vulnerability exists due to the improper implementation of the JSON patch in the library, allowing an attacker to get information about the hidden entity attributes through maliciously crafted HTTP requests...

Fedora: Security Advisory for golang-github-evanphx-json-patch (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-krishicks-yaml-patch-0.0.10-9.20200307git05b3177.fc36

Yaml-patch is a version of Evan Phoenix's json-patch, which is an implementat ion of JavaScript Object Notation JSON Patch, directly transposed to YAML...