33 matches found
EUVD-2022-0668
Malicious code in bioql PyPI...
EUVD-2022-0670
Malicious code in bioql PyPI...
GHSA-Q4J7-V27R-FGCX Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...
Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
GHSA-PWM7-QR6J-3VJG Prototype Pollution in realms-shim
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23594 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...
Prototype Pollution
realms-shim is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes, modify attributes such as __proto__, constructor, and prototype, and bypass the sandbox...
Sandbox Bypass
realms-shim is vulnerable to sandbox bypass. The vulnerability exists in the 'realmEvaluate' function in 'realm.js', which does not properly validate its input, allowing an attacker to bypass the sandbox by injecting properties into existing construct prototypes...
CVE-2021-23594
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23594
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23543
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23543
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
Code injection
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23543
CVE-2021-23543 affects the npm package realms-shim. The vulnerability is a Sandbox Bypass via Prototype Pollution in realms-shim, with root causes involving unsafe recursive merges and prototype/'__proto__' manipulation in object merges or path definitions (as described in the Snyk/NVD entries and ...
CVE-2021-23543 Sandbox Bypass
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
CVE-2021-23594
The CVE concerns realms-shim, a shim for the Realm API, vulnerable to Sandbox Bypass via Prototype Pollution. The root cause is unsafe prototype/recursive merge behavior that can pollute Object.prototype (and related constructs), enabling manipulation of prototypes and potentially remote code exe...
CVE-2021-23594 Sandbox Bypass
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...