Out-Of-Bounds Write

json-patch is affected by an out-of-bounds write vulnerability. This is due to a lack of index checking of the idx parameter in patch.go, which could allow an attacker to cause a denial of service condition...

@adobe/adobe-photoshop-api-sdk (>=1.1.0 <=1.1.1), @adobe/aio-lib-analytics (=2.0.0) +23 more potentially affected by unknown CVE via fast-json-patch (>=2.0.4 <=2.1.0)

fast-json-patch NPM version =2.0.4, =1.1.0, =2.0.3, =1.0.3, =1.0.3, =0.0.4-beta.1, =2.0.2, =1.2.2, =0.3.0, =0.1.0, =2.1.32, =1.0.0, =1.2.3 and more Source cves: unknown CVE Source advisory: SNYK:JS-FASTJSONPATCH-595663...

Prototype Pollution

Overview fast-json-patch is a leaner and meaner implementation of JSON-Patch. Affected versions of this package are vulnerable to Prototype Pollution via applyPatch and applyOperation in fast-json-patch.js. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution...

Out-Of-Bounds Write

json-patch is affected by an out-of-bounds write vulnerability. This is due to a lack of index checking of the idx parameter in patch.go, which could allow an attacker to cause a denial of service condition...

Spring data rest 远程代码执行(cve-2017-8046)

漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器，使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制，编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本： Spring...