Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2022-46175

Summary JSON5 is used by IBM Storage Fusion Data Foundation in the management-console and could allow a remote authenticated attacker to execute arbitrary code on the systemas part of CVE-2022-46175. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Dat...

Atlassian Confluence 5.9.1 < 7.19.29 / 7.20.x < 8.5.17 / 8.6.x < 8.9.8 / 9.0.x < 9.1.0 / 9.2.0 XSS (CONFSERVER-98301)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98301 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method...

USN-6758-1 node-json5 vulnerability

It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \proto\. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network...

Prototype Pollution

json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named proto which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...

02vue_toast_demo (>=1.0.0 <=1.0.4), 06demo-1 (=1.0.0) +55730 more potentially affected by CVE-2022-46175 via json5 (>=0.1.0 <=1.0.1)

json5 NPM version =0.1.0, =1.0.0, =1.0.4 - 06demo-1 =1.0.0 - 0726react =0.1.1 - 08cms =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 -...