35 matches found

Positive Technologies
added 2021/01/31 12:0 a.m. · 3 views

PT-2021-15438 · Unknown · Nested-Object-Assign

Name of the Vulnerable Software and Affected Versions: nested-object-assign versions prior to 1.0.4 Description: The issue concerns Prototype Pollution via the default function. Recommendations: For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue...

7.5 CVSS · 7.5 AI score · 0.00332 EPSS
Exploits 1 · References 9
Snyk
added 2021/01/29 1:21 p.m. · 3 views

Prototype Pollution

Overview nested-object-assign is a Package to support nested merging of objects & properties, using Object.Assign Affected versions of this package are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below. PoC // poc.js const assign =...

7.5 CVSS · 8 AI score · 0.00332 EPSS
Exploits 1 · References 2
Huntr
added 2021/01/28 12:0 a.m. · 20 views

Prototype Pollution in geta/nestedobjectassign

Description nested-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const assign = require'nested-object-assign' console.log'Before: ' + .polluted assign, JSON.parse'"proto": "polluted": true' console.log'After: ' +...

5 CVSS · 1.7 AI score · 0.00332 EPSS
Exploits 1
Veracode
added 2020/02/04 4:15 a.m. · 10 views

Denial Of Service (DoS)

MessagePack is vulnerable to denial of service. Untrusted data and deeply nested object graphs can lead to hash collisions and stack overflow that results in an application crash...

6.5 CVSS · 2.4 AI score · 0.00549 EPSS
Exploits 0 · References 8 · Affected Software 2
NVD
added 2018/05/31 8:29 p.m. · 20 views

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5 CVSS · 7.9 AI score · 0.00562 EPSS
Exploits 0 · References 1
Node.js
added 2016/07/21 5:1 p.m. · 32 views

Cross-Site Scripting

Overview Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can ...

4.3 CVSS · 2.9 AI score · 0.00279 EPSS
Exploits 0 · Affected Software 1
Tenable Nessus
added 2014/06/13 12:0 a.m. · 31 views

openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)

This update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 bnc854370 - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 bmo771294 Application Installation doorhanger...

10 CVSS · 7.8 AI score · 0.11056 EPSS
Exploits 13 · References 17
RedHat Linux
added 2013/12/11 5:26 a.m. · 5 views

Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site...

4.3 CVSS · 6.9 AI score · 0.00279 EPSS
Exploits 0 · References 5
Mozilla
added 2013/12/10 12:0 a.m. · 51 views

Sandbox restrictions not applied to nested object elements — Mozilla

Mozilla security developer Daniel Veditz discovered that restrictions are not applied to an object element contained within a sandboxed iframe. This could allow content hosted within a sandboxed iframe to use an object element to bypass the sandbox restrictions that should be applied...

4.3 CVSS · 7.8 AI score · 0.00279 EPSS
Exploits 0 · References 2 · Affected Software 2
OpenVAS
added 2010/04/01 12:0 a.m. · 25 views

Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability

The host is installed with Apple Safari and is prone to Denial Of Service vulnerability OpenVAS Vulnerability Test $Id: gbapplesafariobjecttagdosvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability Authors: Madhuri D Copyright:...

4.3 CVSS · 6.3 AI score · 0.01992 EPSS
Exploits 1 · References 3
Check Point Advisories
added 2010/02/21 12:0 a.m. · 6 views

Internet Explorer Nested Object Tag Handling Memory Corruption (MS06-021; CVE-2006-1992)

Microsoft Internet Explorer (IE) is the most widely used web browser application. The browser is capable of processing HTML, scripting languages, and interpretation of various other popular Internet specifications. There exists a memory corruption vulnerability in Microsoft Internet Explorer. The...

2.6 CVSS · 7.4 AI score · 0.55557 EPSS
Exploits 2
securityvulns
added 2006/04/28 12:0 a.m. · 23 views

[Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable

Hello, There has recently been some discussion regarding whether or not the MSIE Nested Object Vulnerability reported by Michal Zalewski is exploitable or not. Link to Michal Zalewski Full-Disclosure Posting: http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html Because of...

0.3 AI score
Exploits 0
Cvelist
added 2006/04/25 1:0 a.m. · 28 views

CVE-2006-1992

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but...

6.9 AI score · 0.55557 EPSS
Exploits 2 · References 12
securityvulns
added 2006/04/23 12:0 a.m. · 31 views

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Michal Zalewski wrote: Perhaps not surprisingly, there appears to be a vulnerability in how Microsoft Internet Explorer handles or fails to handle certain combinations of nested OBJECT tags. This was tested with MSIE 6.0.2900.2180.xpsp.040806-182...

0.1 AI score
Exploits 0
Exploit DB
added 2006/04/22 12:0 a.m. · 29 views

Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption

source: https://www.securityfocus.com/bid/17658/info Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content. An attacker could exploit this issue via a malicious web page to potential...

7.4 AI score
Exploits 0