
35 matches found

Github Security Blog
added 2026/05/19 3:40 p.m. | 5 views

fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...

5.8 AI score
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/05/16 2:17 a.m. | 3 views

CLSA-2026-1778897873 ghostscript: Fix of CVE-2025-48708

CVE-2025-48708: fix argument sanitization to redact values supplied with '' separator...

4 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in thunderbird

matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...

8.2 CVSS | 6.6 AI score | 0.00255 EPSS
Exploits 0 | References 2

Snyk
added 2026/03/24 8:44 p.m. | 0 views

Information Exposure

Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Information Exposure through the RedactArgs/os.Args handling in server/opts.go. An attacker...

9.1 CVSS | 5.9 AI score | 0.00016 EPSS
Exploits 0 | References 2

IBM Security Bulletins
added 2026/01/30 9:11 a.m. | 10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary: Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.3.0. Vulnerability Details: CVEID: CVE-2025-57319. DESCRIPTION: fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore functio...

8.7 CVSS | 6.3 AI score | 0.00106 EPSS
Exploits 3 | Affected Software 1

Snyk
added 2026/01/07 7:28 p.m. | 1 view

Incorrect Type Conversion or Cast

Overview: loggingredactor is a package that redacts data in logs based on regex filters and keys. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the RedactingFilter.redact method which converts all datatypes to string. An attacker can cause type errors and disrupt...

5.3 CVSS | 6.8 AI score | 0.00054 EPSS
Exploits 1 | References 2

IBM Security Bulletins
added 2025/11/28 7:11 p.m. | 2 views

Security Bulletin: Astronomer with IBM is vulnerable to prototype pollution due to the fast-redact package (CVE-2025-57319)

Summary: Fast-redact is used by Astronomer with IBM as part of object redaction functionality. Vulnerability Details: CVEID: CVE-2025-57319. DESCRIPTION: fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of...

7.5 CVSS | 6.3 AI score | 0.00106 EPSS
Exploits 0 | Affected Software 1

OSV
added 2025/11/17 4:46 p.m. | 1 view

CLSA-2025-1763397982 squid34: Fix of CVE-2025-62168

CVE-2025-62168: Redact HTTP authentication credentials in error handling to prevent information disclosure...

10 CVSS | 5.8 AI score | 0.16244 EPSS
Exploits 1 | References 1

CloudLinux
added 2025/11/17 4:46 p.m. | 4 views

squid34: Fix of CVE-2025-62168

CVE-2025-62168: Redact HTTP authentication credentials in error handling to prevent information disclosure...

10 CVSS | 6.7 AI score | 0.16244 EPSS
Exploits 1

OSV
added 2025/11/17 9:13 a.m. | 1 view

CLSA-2025-1763370812 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...

10 CVSS | 7.3 AI score | 0.16244 EPSS
Exploits 1 | References 1

OSV
added 2025/11/14 2:25 p.m. | 1 view

CLSA-2025-1763031041 squid: Fix of CVE-2025-62168

CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...

10 CVSS | 5.8 AI score | 0.16244 EPSS
Exploits 1 | References 1

OSSF Malicious Packages
added 2025/10/29 10:46 p.m. | 3 views

Malicious code in express-redact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4f7506bc61afb104333b21673f4899d6ea5e6982fcb1be7623fafcb4f5580a7 The package express-redact was found to contain malicious code. Source: ghsa-malware a883eba91191de6920dc8a2f765112365ac2835f16dd0918d3750d99a89cc9e9...

6.9 AI score
Exploits 0 | References 1

EUVD
added 2025/10/29 10:46 p.m. | 2 views

EUVD-2025-36848

Malicious code in express-redact npm...

6.6 AI score
Exploits 0 | References 1

OSV
added 2025/10/29 10:46 p.m. | 1 view

MAL-2025-49000 Malicious code in express-redact (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4f7506bc61afb104333b21673f4899d6ea5e6982fcb1be7623fafcb4f5580a7 The package express-redact was found to contain malicious code. Source: ghsa-malware a883eba91191de6920dc8a2f765112365ac2835f16dd0918d3750d99a89cc9e9...

6.9 AI score
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-31052

Malicious code in bioql PyPI...

7.5 CVSS | 6.4 AI score | 0.00106 EPSS
Exploits 0 | References 4

OSV
added 2025/09/24 9:30 p.m. | 0 views

GHSA-FFRW-9MX8-89P8 Withdrawn Advisory: fast-redact vulnerable to prototype pollution

Withdrawn Advisory: This advisory has been withdrawn because the issue uses an internal undocumented utility function. This link is maintained to preserve external references. Original Description: fast-redact is a package that provides very fast object redaction. A Prototype Pollution...

6.3 CVSS | 6.3 AI score | 0.00106 EPSS
Exploits 0 | References 5

Github Security Blog
added 2025/09/24 9:30 p.m. | 3 views

Withdrawn Advisory: fast-redact vulnerable to prototype pollution

Withdrawn Advisory: This advisory has been withdrawn because the issue uses an internal undocumented utility function. This link is maintained to preserve external references. Original Description: fast-redact is a package that provides very fast object redaction. A Prototype Pollution...

7.5 CVSS | 5.5 AI score | 0.00106 EPSS
Exploits 0 | References 5 | Affected Software 1

NVD
added 2025/09/24 9:15 p.m. | 1 view

CVE-2025-57319

fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) ...

7.5 CVSS | 0.00106 EPSS
Exploits 0 | References 3

OSV
added 2025/09/24 9:15 p.m. | 1 view

CVE-2025-57319

fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) ...

7.5 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits 0 | References 3

CNNVD
added 2025/09/24 12:00 a.m. | 1 view

fast-redact security vulnerability

fast-redact is an object editing library by the individual developer David Mark Clements. A security vulnerability exists in fast-redact 3.5.0 and earlier versions, which stems from prototype contamination in the nestedRestore function and could lead to a denial of service attack...

7.5 CVSS | 5.5 AI score | 0.00106 EPSS
Exploits 0 | References 3