Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2019/12/02 6:16 p.m.72 views

Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS5.6AI score0.01157EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/12/02 6:16 p.m.32 views

GHSA-4X6V-RWH4-55JW Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS5.2AI score0.01157EPSS
Exploits1References3
NVD
NVD
added 2019/11/14 12:15 a.m.36 views

CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS5.3AI score0.01157EPSS
Exploits1References2
OSV
OSV
added 2019/11/14 12:15 a.m.13 views

CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2019/11/14 12:15 a.m.17 views

Xxe

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5CVSS5.3AI score0.01157EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/11/13 11:39 p.m.47 views

CVE-2019-18954

Pomelo v2.2.5 is affected by CVE-2019-18954, a prototype-pollution vulnerability where a malicious user input can overwrite internal attributes in template/game-server/app/servers/connector/handler/entryHandler.js, enabling external control of critical state data. The issue arises from conflictin...

5.3CVSS5.2AI score0.01157EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/11/13 11:39 p.m.41 views

CVE-2019-18954

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3AI score0.01157EPSS
Exploits1References2
Rows per page
Query Builder