CVE-2023-0574

CVE-2023-0574 affects Yugabyte Managed (versions 2.0.0.0–2.13.0.0). The issue combines Server-Side Request Forgery (SSRF) with improperly controlled modification of dynamically-determined object attributes and improper restriction of excessive authentication attempts, allowing access to functiona...

Prototype Pollution

open-graph is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

Improperly Controlled Modification of Object Prototype Attributes

Overview think-logic before version 1.1.3 has a prototype pollution vulnerability. Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object...

GHSA-9GGP-4JPR-7PPJ Duplicate Advisory: Possible remote code execution via a remote procedure call

Withdrawn: duplicate of GHSA-pj4g-4488-wmxm Original Description In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...