34 matches found
Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in redactval, whose secret value redaction sets maxdepth=1 and therefore does not properly extend to values in nested JSON objects. An attacker can see such nested JSON values responses...
EUVD-2026-13505
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the core mapping engine when handling deeply nested object graphs. An attacker can cause the application to crash. Remediation: Upgrade AutoMapper to version 15.1.3, 16.1.1 or higher. References: - GitHub Advisor...
EUVD-2026-11255
Parse Server vulnerable to SQL injection via Increment operation on nested object field in PostgreSQL...
EUVD-2026-10547
Parse Server has denylist requestKeywordDenylist keyword scan bypass through nested object placement...
EUVD-2026-8788
dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set and transform...
CVE-2026-25047
deepHas provides a test for the existence of a nested object key and optionally returns that key. A prototype pollution vulnerability exists in version 1.0.7 of the deephas npm package that allows an attacker to modify global object behavior. This issue was fixed in version 1.0.8...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service
Summary: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. Following IBM® Engineering Lifecycle Management product is...
EUVD-2018-0589
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-3436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xpdf 4.04 will deadlock on a PDF object stream whose Length field is itself in another object stream. CVE-2023-3436 Note that Nessus relies on the presence of t...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the lib:objagg library not properly handling nested cases when aggregating objects, leading to multiple warnings...
Prototype Pollution
Conform is vulnerable to prototype pollution. The vulnerability is due to the nested object parsing, allowing attackers to trigger prototype pollution by passing crafted input to parseWith functions. Applications using Conform for server-side validation of form data or URL parameters are affected...
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Summary: Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC javascript const parseWithZod =...
SUSE CVE-2003-1301
Sun Java Runtime Environment JRE 1.x before 1.4.211 and 1.5.x before 1.5.006, and as used in multiple web browsers, allows remote attackers to cause a denial of service application crash via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid...
Mozilla Firefox Security Advisory (MFSA2013-107) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Prototype pollution in nested-object-assign
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...
GHSA-C497-V8PV-CH6X Prototype pollution in nested-object-assign
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...
Prototype Pollution
nested-object-assign is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...
CVE-2021-23329
CVE-2021-23329 affects the npm package nested-object-assign, specifically versions prior to 1.0.4. The vulnerability is Prototype Pollution via the default function, allowing an attacker to inject properties into Object.prototype. Exploitation details are not provided in the provided documents, b...
PT-2021-15438 · Unknown · Nested-Object-Assign
Name of the Vulnerable Software and Affected Versions: nested-object-assign versions prior to 1.0.4 Description: The issue concerns Prototype Pollution via the default function. Recommendations: For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue...