Prototype Pollution in set-value

This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2021-23440 via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

GHSA-4JQC-8M5R-9RPR Prototype Pollution in set-value

This affects the package set-value. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

3gtel-frontend-platform (=1.0.0), @achieve-all/v-element (=1.0.0) +1000 more potentially affected by CVE-2021-23440 via set-value (>=0.1.6 <=1.0.0)

set-value NPM version =0.1.6, =5.0.0, =4.0.2, =0.1.1, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

Prototype Pollution

Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1 var jsdata = require'js-data'; var obj = ; var payload =...

Prototype Pollution

set-value is vulnerable to prototype pollution. Lack of validation in type of user-provided keys in the path parameter causes a bypass of CVE-2019-10747. The exploit is possible when the user-provided keys used in the path parameter are arrays...

CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

AZL-45225 CVE-2021-23440 affecting package js-jquery 3.5.0-4

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

DEBIAN-CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

UBUNTU-CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

Type confusion

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

CVE-2021-23440 Prototype Pollution

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

CVE-2021-23440

CVE-2021-23440 is tied to a vulnerability in the Node.js set-value package (prototype pollution/type confusion) that affects versions =3.0.0

CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

set-value 安全漏洞

set-value is a module that can set nested values on objects using dot representation. A security vulnerability exists in set-value that stems from a type confusion vulnerability that could lead to a bypass of CVE-2019-10747 when the user-supplied key used in the path parameter is an array...

CVE-2021-32724

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pullrequesttarget or schedule, an attacker can send a crafted Pull Request that causes a GITHUBTOKEN to be exposed. With the...

kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c

A flaw was found in the Linux kernel that allows remote attackers to cause a denial of service xdrsetpagebase slab-out-of-bounds access by performing many NFS 4.2 READPLUS operations. The highest threat from this vulnerability is to system availability...

ALSA-2021:3447 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: KVM guest OS users can cause host OS memory corruption CVE-2021-37576 kernel: slab-out-of-bounds access in xdrsetpagebase in net/sunrpc/xdr.c CVE-2021-38201 For more details abou...

Prototype Pollution

objection is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the set and zipObject function...

Large Validator Sets/Rapid Validator Set Updates May Freeze the Bridge or Relayers

Handle nascent Vulnerability details In a similar vein to "Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms", a sufficiently large validator set or sufficiently rapid validator update could cause both the ethoraclemainloop and relayermainloop to fall into a state of perpetual errors. In...