98 matches found
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
DEBIAN-CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
Type confusion
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
UBUNTU-CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
CVE-2021-23434
The CVE-2021-23434 entry concerns the Node.js object-path package (versions before 0.11.6) with a type confusion vulnerability that can bypass the CVE-2020-15256 fix when path components are arrays. The condition currentPath === '__proto__' fails for currentPath = ['__proto__'], enabling potential expl...
CVE-2021-23434
This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...
object-path Security Vulnerability
object-path is a personal developer's Npm library for accessing variables in data structures via paths. object-path versions prior to 0.11.6 have a security vulnerability that results from a type obfuscation vulnerability when the path component used in the path parameter is an array. No details ...
PT-2021-6595 · Npm +2 · Object-Path +2
Name of the Vulnerable Software and Affected Versions: object-path versions prior to 0.11.6 Description: A type confusion issue exists in the object-path package. This issue can lead to a bypass when the path components used in the path parameter are arrays. Specifically, the condition currentPat...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +5585 more potentially affected by CVE-2020-15256 +1 more via object-path (>=0.0.1 <=0.11.5)
object-path NPM version =0.0.1, =1.0.1, =8.4.2, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =1.0.0, =0.0.1, =0.0.22 - @0soft/zero-material-ui =0.0.23-alpha.3 and more Source cves: CVE-2020-15256, CVE-2021-23434 Source advisory: SNYK:JS-OBJECTPATH-1569453...
Prototype Pollution
Overview object-path is a package to access deep properties using a path Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, th...
The vulnerability of the set function in the object-path library of the Aurora Application Software Center, related to uncontrolled changes to prototype attributes of objects, allows attackers to execute a “prototype pollution” attack.
The vulnerability of the set function in the object-path library of the Aurora application software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...
Security Bulletin: Version 0.11.4 of Node.js module object-path included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability
Summary Security Bulletin: Version 0.11.4 of Node.js module object-path included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-15256 DESCRIPTION: Node.js object-path module could allow a remote attacker to execute arbitrary code on th...
CVE-2020-15256
A flaw was found in object-path. A prototype pollution vulnerability has been found in object-path affecting the set method. The vulnerability is limited to the includeInheritedProps mode if version >= 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and...
AudimexEE SQL Injection Vulnerability
AudimexEE is a system for audit management from Audimex AG, Germany. The system meets complex audit processes around the company's business, supports customization for use and is deployed platform-independently. A SQL injection vulnerability exists in the Documents component of AudimexEE versions...
CVE-2020-28115
SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the objectpath parameter...
Prototype Pollution
object-path is vulnerable to prototype pollution. The vulnerability exists as the set method does not restrict the proto header value to be set. The vulnerability is limited to the includeInheritedProps mode, and setting the option includeInheritedProps: true, or by using the default...
CVE-2020-15256
A prototype pollution vulnerability has been found in object-path affecting the set method. The vulnerability is limited to the includeInheritedProps mode if version >= 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...
CVE-2020-15256
A prototype pollution vulnerability has been found in object-path affecting the set method. The vulnerability is limited to the includeInheritedProps mode if version >= 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is n...