Lucene search
+L

4 matches found

Veracode
Veracode
added 2026/06/18 6:50 a.m.10 views

Authorization Bypass

Spring Data REST is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of write-access restrictions in the JSON Patch application/json-patch+json implementation, where intermediate path segments in multi-segment JSON Pointer expressions are not subjected to...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/03 4:4 a.m.2 views

GHSA-QH3J-MRG8-F234 Signal K Server: Arbitrary Prototype Read via `from` Field Bypass

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

5.3CVSS6.5AI score0.00308EPSS
Exploits1References4
OSV
OSV
added 2021/01/20 9:27 p.m.5 views

GHSA-9QMH-276G-X5PJ Prototype Pollution in immer

Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit js const applyPatches, enablePatches = require"immer"; enablePatches; let obj = ; console.log"Before : " + obj.polluted; applyPatches, op: 'add', path: "proto", "polluted" , value: "yes" ; // applyPatches,...

7.5CVSS7.1AI score0.02293EPSS
Exploits1References7
Snyk
Snyk
added 2018/12/03 3:27 p.m.5 views

Prototype Pollution

Overview fast-json-patch is a leaner and meaner implementation of JSON-Patch. Affected versions of this package are vulnerable to Prototype Pollution via applyPatch and applyOperation in fast-json-patch.js. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution...

7.3CVSS6.6AI score
Exploits0References2
Rows per page
Query Builder