94 matches found
@enonic/semantic-ui-react-form (>=2.1.0 <=2.3.0) potentially affected by CVE-2019-10747 +1 more via set-value (=4.0.0)
set-value NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @enonic/semantic-ui-react-form =2.1.0, =2.3.0 Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...
@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2019-10747 +1 more via set-value (>=3.0.0 <=3.0.2)
set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...
Prototype Pollution
Overview set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in th...
The vulnerability of the set function in the set-value library of the Afroara Application Software Center, related to uncontrolled changes in object prototypes’ attributes, allows attackers to execute a “prototype pollution” attack.
The vulnerability of the set function in the set-value library of the Afroa Application Software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to carry out a “prototype contamination” attack...
nodejs-set-value: prototype pollution in function set-value
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...
nodejs-set-value: prototype pollution in function set-value
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...
MGASA-2020-0230 Updated nodejs-set-value packages fix security vulnerability
Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...
Updated nodejs-set-value packages fix security vulnerability
Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...
CVE-2019-10747
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...
Fedora 30 : nodejs-set-value (2020-1f1c94907b)
Update to upstream 2.0.1 release for CVE-2019-10747 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 31 : nodejs-set-value (2020-582515fa8a)
Update to upstream 2.0.1 release for CVE-2019-10747 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora: Security Advisory for nodejs-set-value (FEDORA-2020-1f1c94907b)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for nodejs-set-value (FEDORA-2020-582515fa8a)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)
set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...
3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +1000 more potentially affected by CVE-2019-10747 via set-value (>=0.1.6 <=1.0.0)
set-value NPM version =0.1.6, =5.0.0, =4.0.2, =0.1.1, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2019-10747 Source advisory: OSV:GHSA-4G88-FPPR-53PP...
GHSA-4G88-FPPR-53PP Prototype Pollution in set-value
Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
Prototype Pollution in set-value
Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
DEBIAN-CVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...
CVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...
CVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...