Lucene search
K

94 matches found

BDU FSTEC
BDU FSTEC
added 2022/04/06 12:0 a.m.9 views

The vulnerability of the Node Set-value module, related to type conversion errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Node Set-value module is related to type conversion errors. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data, compromise its integrity, and cause service failures...

10CVSS7.4AI score0.02457EPSS
Exploits1References10Affected Software3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2020-0230)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.02475EPSS
Exploits1References4
CNVD
CNVD
added 2022/01/03 12:0 a.m.26 views

Netgear Nighthawk R6700 Command Injection Vulnerability

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. A command injection vulnerability exists in the Netgear Nighthawk R6700, which stems from the fact that the product supports update checking via the soap interface and can be injected with a pre-set value. No details of the...

8.8CVSS2AI score0.03199EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2021/09/16 3:5 p.m.60 views

CVE-2021-23440

A type confusion vulnerability in nodejs-set-value can lead to a bypass of CVE-2019-10747. If the user-provided keys used in the path parameter are arrays, the function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or...

9.8CVSS4.6AI score0.02475EPSS
Exploits2References4
OSV
OSV
added 2021/09/13 8:9 p.m.3 views

GHSA-4JQC-8M5R-9RPR Prototype Pollution in set-value

This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

7.3CVSS7.1AI score0.02457EPSS
Exploits1References11
vulnersOsv
vulnersOsv
added 2021/09/13 8:9 p.m.9 views

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2021-23440 via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

9.8CVSS7.1AI score0.02457EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/09/13 8:9 p.m.7 views

3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +1000 more potentially affected by CVE-2021-23440 via set-value (>=0.1.6 <=1.0.0)

set-value NPM version =0.1.6, =5.0.0, =4.0.2, =0.1.1, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

9.8CVSS7.1AI score0.02457EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/09/13 8:9 p.m.4 views

@enonic/semantic-ui-react-form (>=2.1.0 <=2.3.0) potentially affected by CVE-2021-23440 via set-value (=4.0.0)

set-value NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @enonic/semantic-ui-react-form =2.1.0, =2.3.0 Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

9.8CVSS7.1AI score0.02457EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/09/13 8:9 p.m.89 views

Prototype Pollution in set-value

This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS9.3AI score0.02457EPSS
Exploits1References11Affected Software2
Veracode
Veracode
added 2021/09/13 6:49 a.m.40 views

Prototype Pollution

set-value is vulnerable to prototype pollution. Lack of validation in type of user-provided keys in the path parameter causes a bypass of CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays...

9.8CVSS9.1AI score0.02475EPSS
Exploits2References7Affected Software2
OSV
OSV
added 2021/09/12 1:15 p.m.6 views

AZL-45225 CVE-2021-23440 affecting package js-jquery 3.5.0-4

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS7.2AI score0.02457EPSS
Exploits1References1
OSV
OSV
added 2021/09/12 1:15 p.m.2 views

DEBIAN-CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS8.1AI score0.02457EPSS
Exploits1References1
OSV
OSV
added 2021/09/12 1:15 p.m.30 views

CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS9.3AI score
Exploits0References6
Prion
Prion
added 2021/09/12 1:15 p.m.29 views

Type confusion

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

7.5CVSS9.1AI score0.02475EPSS
Exploits2References6Affected Software2
OSV
OSV
added 2021/09/12 1:15 p.m.2 views

UBUNTU-CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS7.2AI score0.02457EPSS
Exploits1References7
CVE
CVE
added 2021/09/12 12:55 p.m.305 views

CVE-2021-23440

CVE-2021-23440 is tied to a vulnerability in the Node.js set-value package (prototype pollution/type confusion) that affects versions =3.0.0

9.8CVSS8.2AI score0.02457EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2021/09/12 12:55 p.m.30 views

CVE-2021-23440 Prototype Pollution

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

7.3CVSS9.5AI score0.02457EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2021/09/12 12:51 p.m.5 views

CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8CVSS5.4AI score0.02475EPSS
Exploits2References7
CNNVD
CNNVD
added 2021/09/12 12:0 a.m.7 views

set-value 安全漏洞

set-value is a module that can set nested values on objects using dot representation. A security vulnerability exists in set-value that stems from a type confusion vulnerability that could lead to a bypass of CVE-2019-10747 when the user-supplied key used in the path parameter is an array...

9.8CVSS7.9AI score0.02457EPSS
Exploits1References14
Huntr
Huntr
added 2021/08/30 9:41 a.m.29 views

Prototype Pollution in jonschlinkert/set-value

✍️ Description set-value package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. 🕵️‍♂️ Proof of Concept...

5.8CVSS2AI score0.00697EPSS
Exploits0
Rows per page
Query Builder