GHSA-W2CQ-G8G3-GM83 content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE

Impact A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called proto you can override the Object prototype. For example: const parse = require'content-security-policy-parser'; const x = parse"default-src 'self'; proto foobar";...

content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE

Impact A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called proto you can override the Object prototype. For example: const parse = require'content-security-policy-parser'; const x = parse"default-src 'self'; proto foobar";...

PT-2024-15922 · Van Der Schaar · Synthcity

Name of the Vulnerable Software and Affected Versions: van der Schaar LAB synthcity version 0.2.9 Description: A critical issue has been found in the function load from file of the component PKL File Handler, leading to deserialization. The attack may be launched remotely. The vendor was contacte...