123 matches found
CVE-2023-51074
CVE-2023-51074 affects json-path v2.8.0 and involves a stack-based buffer overflow in Criteria.parse(). IBM’s Security Bulletin for IBM Rational Performance Tester lists affected products as Rational Performance Tester 9.2, 9.5, 10.0, 10.1, 10.2, and 11.0 (up to 11.0.6). A remediation is to upgra...
CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse method...
PT-2023-9053 · Jsonpath +1 · Jsonpath +1
Name of the Vulnerable Software and Affected Versions: json-path version 2.8.0 Description: The issue is related to a stack overflow in the Criteria.parse method of the json-path library. This can potentially allow a remote attacker to cause a denial of service. Recommendations: For json-path...
GHSA-5X5Q-8CGM-2HJQ Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...
[SECURITY] Fedora 35 Update: golang-github-pelletier-toml-1.9.4-2.fc35
Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Mashaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...
[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-1.9.4-2.fc36
Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Mashaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/comn/service/update.json...
CVE-2021-30127
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but...
GHSA-2598-2F59-RMHQ SQL Injection in sequelize
Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation Upgrade to version 3.35.1 or later...
SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the MariaDB and MySQL dialects, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation If you are using sequelize 5.x, upgrade to version...
CVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
CVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
Sql injection
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
CVE-2019-10748
Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properly escaped for the MySQL/MariaDB dialects...
GHSA-M9JW-237R-GVFV SQL Injection in sequelize
Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example: js return...
SQL Injection
Overview Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation Upgrade to version 3.35.1 or later. References...
SQL Injection
sequelize is vulnerable to sql injection attacks. The attacks are possible because the library does not properly escape the JSON path key provided by user using mariadb dialects in query-generator.js...
SQL Injection
sequelize is vulnerable to sql injection attacks. The attacks are possible because the library does not escape the JSON path key provided by the user using postgres dialects in query-generator.js...