15 matches found
EUVD-2022-0586
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in min-dash affects IBM Process Mining [CVE-2021-23460]
Summary There is a vulnerability in min-dash that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2021-23460 Vulnerability Details...
@hbtgmbh/dmn-eval-js (>=1.4.0 <=1.5.0), @hbtgmbh/dmn-server (>=1.0.0 <=1.0.2) +33 more potentially affected by CVE-2021-23460 via min-dash (>=1.1.0 <=3.5.2)
min-dash NPM version =1.1.0, =1.4.0, =1.0.0, =0.16.0, =1.0.105, =1.0.0, =1.0.33, =1.0.1, =0.28.0, =0.1.0, =3.0.0, =1.0.0, =0.2.0, =0.11.0, =3.0.0, =4.0.0 and more Source cves: CVE-2021-23460 Source advisory: OSV:GHSA-2M53-83F3-562J...
Prototype pollution in min-dash
Impact The set method is vulnerable to prototype pollution with specially crafted inputs. javascript // insert the following into poc.js and run node poc.js after installing the package let parser = require("min-dash"); parser.set({}, [["__proto__"], "polluted"], "success"); console.log(polluted); Patches...
GHSA-2M53-83F3-562J Prototype pollution in min-dash
Impact The set method is vulnerable to prototype pollution with specially crafted inputs. javascript // insert the following into poc.js and run node poc.js after installing the package let parser = require("min-dash"); parser.set({}, [["__proto__"], "polluted"], "success"); console.log(polluted); Patches...
GHSA-FM93-FHH2-CG2C Duplicate Advisory: Prototype Pollution in min-dash
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2m53-83f3-562j. This link is maintained to preserve external references. Original Description The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement...
Duplicate Advisory: Prototype Pollution in min-dash
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2m53-83f3-562j. This link is maintained to preserve external references. Original Description The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement...
Prototype Pollution
min-dash is vulnerable to prototype pollution. The vulnerability exists due to a lack of sanitization for the key types, allowing an attacker to exploit the vulnerability by injecting arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and...
CVE-2021-23460
The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key types...
CVE-2021-23460
The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key types...
CVE-2021-23460 Prototype Pollution
The package min-dash before 3.8.1 is vulnerable to Prototype Pollution via the set method due to missing enforcement of key types...
CVE-2021-23460
The CVE-2021-23460 entry concerns the min-dash library (versions before 3.8.1) and a prototype pollution flaw in the set method caused by missing enforcement of key types. Affected software: min-dash; vulnerable component: the set method. Impact described across sources as prototype pollution tha...
min-dash security vulnerability
min-dash is a minimal utility belt for use with bpmn.io related libraries. A security vulnerability exists in versions prior to min-dash 3.8.1, which stems from missing enforcement of key types and makes the software susceptible to prototype pollution via the set method...
Prototype Pollution
Overview min-dash is a minimal utility tool belt to be used with bpmn.io related libraries. Affected versions of this package are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types. PoC: js let parser = require("min-dash"); parser.set({}, [["__proto__"], "polluted",...
entfrm-bpmn (>=8.6.2 <=8.6.6), entfrm-flowable-designer (>=1.0.0 <=1.2.6) +4 more potentially affected by CVE-2021-23460 via min-dash (=3.5.2)
min-dash NPM version =3.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on min-dash and may be impacted: - entfrm-bpmn =8.6.2, =1.0.0, =2.2.0, =1.0.0, =1.1.3 Source cves: CVE-2021-23460 Source advisory: SNYK:JS-MINDASH-2340605...