
6 matches found

NVD
added 2024/01/22 11:15 p.m. | 8 views

CVE-2024-23339

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths get, set, and update did not block attempts to access or alter object prototypes. Starting in version...

6.5 CVSS | 6.3 AI score | 0.12335 EPSS
Exploits 0 | References 2

OSV
added 2024/01/22 10:54 p.m. | 9 views

CVE-2024-23339 hoolock does not block Prototype pollution with object-path related utilities

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths get, set, and update did not block attempts to access or alter object prototypes. Starting in version...

6.3 CVSS | 6.4 AI score | 0.12335 EPSS
Exploits 0 | References 4

CVE
added 2024/01/22 10:54 p.m. | 192 views

CVE-2024-23339

Hoolock versions 2.0.0–2.2.0 expose a Prototype Pollution risk via object-path utilities (get, set, update) that fail to block inherited property access/modification. Starting in 2.2.1 these functions throw a TypeError when attempting to access or alter inherited properties, mitigating the vulner...

6.5 CVSS | 6.4 AI score | 0.12335 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/01/03 5:15 a.m. | 2 views

CVE-2023-46308

In Plotly plotly.js before 2.25.2, plot API calls have a risk of `__proto__` being polluted in expandObjectPaths or nestedProperty...

9.8 CVSS | 9.4 AI score
Exploits 0 | References 3

ArchLinux
added 2020/12/09 12:0 a.m. | 79 views

[ASA-202012-12] blueman: privilege escalation

Arch Linux Security Advisory ASA-202012-12
Severity: High
Date: 2020-12-09
CVE-ID: CVE-2020-15238
Package: blueman
Type: privilege escalation
Remote: No
Link: https://security.archlinux.org/AVG-1259
Summary: The package blueman before versio...

7.1 CVSS | 1.5 AI score | 0.00451 EPSS
Exploits 4 | References 5

Prion
added 2020/10/27 7:15 p.m. | 21 views

Design/Logic Flaw

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any...

6.9 CVSS | 6.9 AI score | 0.00451 EPSS
Exploits 4 | References 10 | Affected Software 3