EUVD-2021-0658

Malware in sbrugna...

CVE-2021-21368

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. Object.prototype.proto is an access...

Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper preserve of system...

Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service

Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper...

Prototype Pollution

msgpack5 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Prototype Poisoning

Overview Impact When msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. As you are no doubt aware, Object.prototype.proto is an accessor property for the receiver's prototype. If the value corresponding to the key proto decodes to an object or null, msgpack5...

imapapi (>=1.4.6 <=1.4.9) potentially affected by CVE-2021-21368 via msgpack5 (>=5.0.0 <=5.2.0)

msgpack5 NPM version =5.0.0, =1.4.6, =1.4.9 Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...

Prototype poisoning

Impact The issue is as follows: when msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. As you are no doubt aware, Object.prototype.proto is an accessor property for the receiver's prototype. If the value corresponding to the key proto decodes to an object or...

CVE-2021-21368

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. Object.prototype.proto is an access...

CVE-2021-21368

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. Object.prototype.proto is an access...

Code injection

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. Object.prototype.proto is an access...

CVE-2021-21368 Prototype poisoning

msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "proto", it assigns the decoded value to proto. Object.prototype.proto is an access...

CVE-2021-21368

CVE-2021-21368 (msgpack5) affects msgpack5 up to versions 3.6.1, 4.5.1, and 5.2.1. Decoding a map with the key "proto " can set the decoded object’s prototype to a value, potentially causing values to resemble other types or trigger unexpected behavior. The issue does not alter the global Object....

Matteo Collina msgpack5 安全漏洞

Matteo Collina msgpack5 is a Matteo Collina open source application . Provides a msgpack v5 implementation for node.js and browsers with extension point support. A security vulnerability exists in Matteo Collina msgpack5 that stems from the fact that an attacker who submits carefully crafted...