@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-39396 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-39396 Source advisory: OSV:GHSA-PRM5-8G2M-24GG...

Remote code execution via MongoDB BSON parser through prototype pollution

Impact An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. Patches Prevent prototype pollution in MongoDB database adapter. Workarounds Disable remote code execution through the MongoDB BSON parser. Collaborators Mikhail Shcherbako...

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

kernel: buffer overflow in nft_set_desc_concat_parse()

A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code...

kernel: buffer overflow in nft_set_desc_concat_parse()

A vulnerability was found in the Linux kernel's nftsetdescconcatparse function .This flaw allows an attacker to trigger a buffer overflow via nftsetdescconcatparse , causing a denial of service and possibly to run code...

PT-2022-24955 · Unknown +2 · Parse Server +2

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.18 Parse Server versions prior to 5.3.1 on the 5.X branch Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An attacker can use a prototype...

PT-2022-36753 · Git +1 · Opensis

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is reported, with a crash type indicating a heap-buffer-overflow READ 1. The crash state involves functions such as par...

PT-2022-27179 · Picoc · Picoc

Name of the Vulnerable Software and Affected Versions: PicoC version 3.2.2 Description: A heap buffer overflow was discovered in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall, which can lead to a potential issue. Recommendations: For PicoC version 3.2....

Prototype Pollution

deep-parse-json is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to add new properties to an object through proto attribute...

PT-2022-36752 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash occurred in the mg mqtt parse function, as indicated by the cras...

GHSA-FF9J-PWXG-Q5P2 deep-parse-json vulnerable to Prototype Pollution

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto property to be edited...

@companydotcom/company-skynet-core (>=1.0.2 <=2.0.17), @companydotcom/micro-application-core (>=2.0.7 <=2.0.18-alpha.0) +10 more potentially affected by CVE-2022-42743 via deep-parse-json (>=1.0.1 <=1.0.2)

deep-parse-json NPM version =1.0.1, =1.0.2, =2.0.7, =0.0.1, =0.0.1, =0.0.19, =6.5.7, =5.3.0, =1.0.0, =0.0.6, =0.0.1, =0.0.13 - redux-persist-nedb-storage =0.1.0 Source cves: CVE-2022-42743 Source advisory: OSV:GHSA-FF9J-PWXG-Q5P2...

CVE-2022-42743

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

CVE-2022-42743

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

Code injection

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

CVE-2022-42743

CVE-2022-42743 affects the deep-parse-json library, version 1.0.2. The root cause is improper validation of incoming JSON keys, allowing the proto property to be edited, enabling prototype pollution where an external attacker can edit/add object properties. Impact stated across sources: remote ma...

CVE-2022-42743 deep-parse-json 1.0.2 - Prototype Pollution

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

CVE-2022-42743 deep-parse-json 1.0.2 - Prototype Pollution

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

deep-parse-json 安全漏洞

deep-parse-json is a Javascript function for recursively parsing stringified json by Sibaprasad Maiti Personal Developer. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...

PT-2022-26533 · Unknown · Deep-Parse-Json

Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto...