Lucene search
K

94 matches found

vulnersOsv
vulnersOsv
added 2021/08/12 4:49 p.m.26 views

@enonic/semantic-ui-react-form (>=2.1.0 <=2.3.0) potentially affected by CVE-2019-10747 +1 more via set-value (=4.0.0)

set-value NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @enonic/semantic-ui-react-form =2.1.0, =2.3.0 Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...

9.8CVSS7.1AI score0.02475EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2021/08/12 4:49 p.m.6 views

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2019-10747 +1 more via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...

9.8CVSS7.1AI score0.02475EPSS
Exploits2
Snyk
Snyk
added 2021/08/12 4:49 p.m.8 views

Prototype Pollution

Overview set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in th...

9.8CVSS8.8AI score0.02475EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.7 views

The vulnerability of the set function in the set-value library of the Afroara Application Software Center, related to uncontrolled changes in object prototypes’ attributes, allows attackers to execute a “prototype pollution” attack.

The vulnerability of the set function in the set-value library of the Afroa Application Software is related to uncontrolled changes in object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to carry out a “prototype contamination” attack...

9.8CVSS7.4AI score0.02475EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2021/02/16 2:25 p.m.6 views

nodejs-set-value: prototype pollution in function set-value

A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...

9.8CVSS7.2AI score0.02475EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/02/11 1:37 p.m.6 views

nodejs-set-value: prototype pollution in function set-value

A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...

9.8CVSS7.2AI score0.02475EPSS
Exploits1References4
OSV
OSV
added 2020/05/27 12:46 a.m.12 views

MGASA-2020-0230 Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

9.8CVSS7.9AI score0.02475EPSS
Exploits1References3
Mageia
Mageia
added 2020/05/27 12:46 a.m.63 views

Updated nodejs-set-value packages fix security vulnerability

Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a...

9.8CVSS4.7AI score0.02475EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2020/04/07 5:3 p.m.53 views

CVE-2019-10747

A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...

9.8CVSS3.1AI score0.05006EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2020/02/10 12:0 a.m.60 views

Fedora 30 : nodejs-set-value (2020-1f1c94907b)

Update to upstream 2.0.1 release for CVE-2019-10747 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

9.8CVSS8AI score0.02475EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/02/10 12:0 a.m.34 views

Fedora 31 : nodejs-set-value (2020-582515fa8a)

Update to upstream 2.0.1 release for CVE-2019-10747 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

9.8CVSS8AI score0.02475EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/02/08 12:0 a.m.24 views

Fedora: Security Advisory for nodejs-set-value (FEDORA-2020-1f1c94907b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.02475EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/02/08 12:0 a.m.27 views

Fedora: Security Advisory for nodejs-set-value (FEDORA-2020-582515fa8a)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.02475EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2019/08/27 5:43 p.m.5 views

@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)

set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...

9.8CVSS7.1AI score0.02475EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2019/08/27 5:43 p.m.5 views

3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +1000 more potentially affected by CVE-2019-10747 via set-value (>=0.1.6 <=1.0.0)

set-value NPM version =0.1.6, =5.0.0, =4.0.2, =0.1.1, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2019-10747 Source advisory: OSV:GHSA-4G88-FPPR-53PP...

9.8CVSS7.1AI score0.02475EPSS
Exploits1
OSV
OSV
added 2019/08/27 5:43 p.m.2 views

GHSA-4G88-FPPR-53PP Prototype Pollution in set-value

Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

9.8CVSS7.1AI score0.02475EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2019/08/27 5:43 p.m.86 views

Prototype Pollution in set-value

Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

9.8CVSS4.6AI score0.02475EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2019/08/23 5:15 p.m.4 views

DEBIAN-CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...

9.8CVSS8.1AI score0.02475EPSS
Exploits1References1
NVD
NVD
added 2019/08/23 5:15 p.m.23 views

CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...

9.8CVSS8.2AI score0.02475EPSS
Exploits1References4
OSV
OSV
added 2019/08/23 5:15 p.m.28 views

CVE-2019-10747

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads...

9.8CVSS7AI score
Exploits0References4
Rows per page
Query Builder