98 matches found

Ubuntu
added 2023/03/22 12:7 a.m., 70 views

USN-5967-1: object-path vulnerabilities

It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...

CVSS 9.8 | AI score 7.4 | EPSS 0.0065
Exploits: 2
OSV
added 2023/03/22 12:7 a.m., 0 views

USN-5967-1 node-object-path vulnerabilities

It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent process. An attacker could use this issue to cause object-path to crash. CVE-2020-15256, CVE-2021-23434, CVE-2021-3805...

CVSS 9.8 | AI score 7.1 | EPSS 0.0065
Exploits: 2 | References: 4
Tenable Nessus
added 2023/03/22 12:0 a.m., 36 views

Ubuntu 18.04 LTS / 20.04 LTS : object-path vulnerabilities (USN-5967-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5967-1 advisory. It was discovered that the set method in object-path could be corrupted as a result of prototype pollution by sending a message to the parent...

CVSS 9.8 | AI score 7.6 | EPSS 0.0065
Exploits: 2 | References: 4
SUSE CVE
added 2023/02/15 5:19 a.m., 2 views

SUSE CVE-2015-3218

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path...

CVSS 2.1 | AI score 5.9 | EPSS 0.00133
Exploits: 0 | References: 6
Tenable Nessus
added 2023/01/31 12:0 a.m., 41 views

Debian dla-3291 : node-object-path - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3291 advisory. Debian LTS Advisory DLA-3291-1 [email protected]...

CVSS 9.8 | AI score 7.6 | EPSS 0.0065
Exploits: 2 | References: 8
Debian
added 2023/01/29 4:18 p.m., 30 views

[SECURITY] [DLA 3291-1] node-object-path security update

Debian LTS Advisory DLA-3291-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 29, 2023 https://wiki.debian.org/LTS Package : node-object-path Version : 0.11.4-2+deb10u2 CVE ID : CVE-2021-3805 CVE-2021-23434 It was discovered that node-object-path, a Node.j...

CVSS 9.8 | AI score 7.1 | EPSS 0.0065
Exploits: 2
OSV
added 2022/08/19 3:55 a.m., 5 views

MAL-2022-1643 Malicious code in boject-path (npm)

Source: ghsa-malware 581c62a26867e464a705352a756508dc74b07d9da629c8102fbd28985461a385 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
BDU FSTEC
added 2022/04/06 12:0 a.m., 1 views

The vulnerability of the Node Object-path module, related to type conversion errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Node Object-path module is related to errors in data type conversion. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 9 | AI score 7.2 | EPSS 0.0039
Exploits: 1 | References: 7 | Affected Software: 2
Veracode
added 2022/02/07 6:39 a.m., 15 views

Prototype Pollution

object-path-set is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the isValidKey function of index.js and modify attributes such as __proto__, constructor, and prototype...

CVSS 9.8 | AI score 4.3 | EPSS 0.00502
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog
added 2022/02/05 12:0 a.m., 21 views

Prototype Pollution in object-path-set

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVSS 9.8 | AI score 2.8 | EPSS 0.00502
Exploits: 1 | References: 6 | Affected Software: 1
vulnersOsv
added 2022/02/05 12:0 a.m., 1 views

express-requests-loggly (>=0.1.0 <=0.1.2), mongoose-power-populate (>=1.0.0 <=1.3.4) +5 more potentially affected by CVE-2021-23507 via object-path-set (>=0.0.1 <=0.0.2)

object-path-set NPM version =0.0.1, =0.1.0, =1.0.0, =0.2.3, =0.2.0, =0.1.0, =0.1.0, =1.0.0, =1.1.1 Source cves: CVE-2021-23507 Source advisory: OSV:GHSA-H6PR-C536-6RJG...

CVSS 9.8 | AI score 7.2 | EPSS 0.00502
Exploits: 1
OSV
added 2022/02/05 12:0 a.m., 17 views

GHSA-H6PR-C536-6RJG Prototype Pollution in object-path-set

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVSS 7.5 | AI score 9.4 | EPSS 0.00502
Exploits: 1 | References: 6
NVD
added 2022/02/04 8:15 p.m., 10 views

CVE-2021-23507

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVSS 9.8 | EPSS 0.00502
Exploits: 1 | References: 4
OSV
added 2022/02/04 8:15 p.m., 18 views

CVE-2021-23507

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVSS 9.8 | AI score 9.5
Exploits: 0 | References: 4
CVE
added 2022/02/04 8:5 p.m., 75 views

CVE-2021-23507

CVE-2021-23507 affects the npm package object-path-set. Versions before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, enabling an attacker to merge properties into object prototypes. Impact can include denial of service or potential remote code execution, per the provided r...

CVSS 9.8 | AI score 8.6 | EPSS 0.00502
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2022/02/04 8:5 p.m., 18 views

CVE-2021-23507 Prototype Pollution

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVSS 7.5 | AI score 9.7 | EPSS 0.00502
Exploits: 1 | References: 4
CNNVD
added 2022/02/04 12:0 a.m., 4 views

object-path security vulnerability

object-path is a personal developer's Npm library for accessing variables in data structures via paths. A security vulnerability exists in object-path-set prior to version 1.0.2, which stems from software that is vulnerable to Prototype Pollution via the setPath method, allowing an attacker to...

CVSS 9.8 | AI score 8.3 | EPSS 0.00502
Exploits: 1 | References: 5
Snyk
added 2022/01/30 10:37 a.m., 5 views

Prototype Pollution

Overview: object-path-set is a set values in javascript objects by specifying a path. Affected versions of this package are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix ...

CVSS 9.8 | AI score 9 | EPSS 0.00502
Exploits: 1 | References: 2
RedHat Linux
added 2021/10/14 10:38 p.m., 71 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.9 security, bug, and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.2.9 General Availability release images, which provide security updates, one or more container updates, and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

CVSS 9.8 | AI score 6.8 | EPSS 0.73544
Exploits: 13 | References: 11
OSV
added 2021/09/20 8:46 p.m., 1 views

GHSA-8V63-CQQC-6R2C Prototype Pollution in object-path

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'. The del function fails to validate which Object properties it deletes. This allows attackers to modify the prototype of Object, causing the modification of default properties like...

CVSS 7.5 | AI score 7.1 | EPSS 0.0065
Exploits: 1 | References: 5