PT-2022-27179 · Picoc · Picoc
Name of the Vulnerable Software and Affected Versions: PicoC version 3.2.2 Description: A heap buffer overflow was discovered in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall, which can lead to a potential issue. Recommendations: For PicoC version 3.2....
PT-2022-24955 · Unknown +2 · Parse Server +2
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.18 Parse Server versions prior to 5.3.1 on the 5.X branch Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An attacker can use a prototype...
Prototype Pollution
deep-parse-json is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to add new properties to an object through the __proto__ attribute...
PT-2022-36752 · Git +1 · Mongoose
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash occurred in the mg_mqtt_parse function, as indicated by the cras...
@companydotcom/company-skynet-core (>=1.0.2 <=2.0.17), @companydotcom/micro-application-core (>=2.0.7 <=2.0.18-alpha.0) +10 more potentially affected by CVE-2022-42743 via deep-parse-json (>=1.0.1 <=1.0.2)
deep-parse-json NPM version =1.0.1, =1.0.2, =2.0.7, =0.0.1, =0.0.1, =0.0.19, =6.5.7, =5.3.0, =1.0.0, =0.0.6, =0.0.1, =0.0.13 - redux-persist-nedb-storage =0.1.0 Source cves: CVE-2022-42743 Source advisory: OSV:GHSA-FF9J-PWXG-Q5P2...
GHSA-FF9J-PWXG-Q5P2 deep-parse-json vulnerable to Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the __proto__ property to be edited...
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...
Code injection
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...
CVE-2022-42743 deep-parse-json 1.0.2 - Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited...
PT-2022-26533 · Unknown · Deep-Parse-Json
Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the __proto__...
CVE-2022-42743
CVE-2022-42743 affects the deep-parse-json library, version 1.0.2. The root cause is improper validation of incoming JSON keys, allowing the __proto__ property to be edited, enabling prototype pollution where an external attacker can edit/add object properties. Impact stated across sources: remote ma...
deep-parse-json security vulnerability
deep-parse-json is a JavaScript function for recursively parsing stringified JSON by Sibaprasad Maiti Personal Developer. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...
UBUNTU-CVE-2022-3809
A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been...
Bento4 security vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 that originates in the ParseCommandLine method in the Mp4Tag/Mp4Tag.cpp file of the mp4tag component that can lead to a denial of service...
PT-2022-36733 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: A security exception occurs due to an issue in the java.base/jdk.internal.math.FloatingDecimal.readJavaFormatString and java.base/jdk.internal.math.FloatingDecimal.parseDouble functions, which...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-2683)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request...
PT-2022-24196 · Axiomatic · Bento4
Name of the Vulnerable Software and Affected Versions: Axiomatic Bento4 affected versions not specified Description: A problematic issue was found, affecting the ParseCommandLine function of the Mp4Tag/Mp4Tag.cpp file in the mp4tag component. This issue leads to denial of service and can be...
CVE-2022-3809 Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service
A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been...