Lucene search
K

14 matches found

Snyk
Snyk
added 2026/06/23 9:24 p.m.19 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...

6.9CVSS6AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:24 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the POJOPropertiesCollector.renameProperties and BeanDeserializerFactory.addBeanProps methods, which rename rather than drop a property whose getter carri...

6.9CVSS6AI score0.00282EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 9:24 p.m.8 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-0853

Malware in sbrugna...

7.5CVSS7.5AI score0.01404EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.6 views

CVE-2019-10805

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5CVSS6.8AI score0.01404EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/04/13 3:21 p.m.45 views

Exposure of Resource to Wrong Sphere in valib

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5CVSS1.7AI score0.01404EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2020/03/24 3:35 p.m.2 views

Internal Property Tampering

Overview bson is a BSON Parser for node and browser. Affected versions of this package are vulnerable to Internal Property Tampering. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...

9.8CVSS6.8AI score0.02164EPSS
Exploits0References2
Veracode
Veracode
added 2020/03/02 2:39 a.m.18 views

Object Property Tampering

valib is vulnerable to object property tampering. The usage of the built-in functions hasOwnProperty with unsafe user-input to examine an object allows bypass of several inspection functions and overwriting of the function to manipulate the inspection results to bypass security checks...

7.5CVSS2.2AI score0.01404EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/02/28 9:15 p.m.18 views

CVE-2019-10805

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2020/02/28 9:15 p.m.22 views

CVE-2019-10805

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5CVSS7.5AI score0.01404EPSS
Exploits1References2
Prion
Prion
added 2020/02/28 9:15 p.m.19 views

Security feature bypass

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

5CVSS7.5AI score0.01404EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2020/02/28 4:6 p.m.4 views

Internal Property Tampering

Overview valib is an A standalone javascript library tailored for validation. Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function...

7.5CVSS6.7AI score0.01404EPSS
Exploits1References2
Snyk
Snyk
added 2020/02/05 4:4 p.m.4 views

Internal Property Tampering

Overview taffydb is an open source JavaScript library that provides in-memory database capabilities Affected versions of this package are vulnerable to Internal Property Tampering. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forge...

7.5CVSS7.3AI score0.01877EPSS
Exploits1References2
Snyk
Snyk
added 2019/11/27 3:24 p.m.4 views

Internal Property Tampering

Overview schema-inspector is a JSON API sanitisation and validation module. Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector. Remediation Upgrade...

9.8CVSS6.8AI score0.01392EPSS
Exploits0References2
Rows per page
Query Builder