Prototype Pollution

vconsole is vulnerable to Prototype Pollution. An attacker can inject properties into existing prototypes via the setOption function of core.ts and modify the proto attribute in the keyOrObj parameter...

CVE-2021-39227 Fix prototype pollution in the zrender merge and clone helper methods

ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using merge and clone helper methods in the src/core/util.ts module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports...

OSV-2020-555 Heap-use-after-free in WelsDec::CWelsDecoder::SetOption

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18747 Crash type: Heap-use-after-free WRITE 1 Crash state: WelsDec::CWelsDecoder::SetOption decoderfuzzer.cpp WelsCommon::WelsFree...

openh264:decoder_fuzzer: Heap-use-after-free in WelsDec::CWelsDecoder::SetOption

Project: https://github.com/cisco/openh264.git Detailed Report: https://oss-fuzz.com/testcase?key=5693903391162368 Project: openh264 Fuzzing Engine: libFuzzer Fuzz Target: decoderfuzzer Job Type: libfuzzerasani386openh264 Platform Id: linux Crash Type: Heap-use-after-free WRITE 1 Crash Address:...