57 matches found
PT-2024-28319 · Amoyjs · Amoyjs
Name of the Vulnerable Software and Affected Versions: amoyjs amoy common version 1.0.10. Description: The issue is related to a prototype pollution vulnerability via the setValue function. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary...
GHSA-VFVJ-3M3G-M532 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Summary: Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user-provided input without proper validation might us...
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Summary: Fuzz testing on crossplane/crossplane, by Ada Logics and sponsored by the CNCF, identified input to a function in the fieldpath package that can cause an out of memory panic. Applications that use the Paved type's SetValue method with user-provided input without proper validation might us...
GO-2023-1623 Out-of-memory panic in github.com/crossplane/crossplane-runtime
An out of memory panic vulnerability exists in the crossplane-runtime libraries. Applications that use the Paved type's SetValue method with user-provided input that is not properly validated might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the...
Denial Of Service (DoS)
github.com/crossplane/crossplane-runtime is vulnerable to Denial of Service (DoS). The vulnerability exists because the Pave and setValue functions in paved.go do not enforce the max index size of a field path, allowing an attacker to use excessive memory and cause an application crash...
CVE-2023-27483
crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user-provided input without proper...
CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user-provided input without proper...
CVE-2023-27483
CVE-2023-27483 affects crossplane-runtime: the fieldpath package’s Paved.SetValue can grow slices to very large sizes when given unvalidated input, causing an out-of-memory panic. The affected code path is the Paved.SetValue method that writes values along a path without validation, with the index ca...
Prototype Pollution
madlib-object-utils is vulnerable to prototype pollution. The vulnerability exists in utils.js due to a lack of validation in setValue, which allows an attacker to inject and execute arbitrary code...
GHSA-PFV6-PRQM-85Q8 Prototype Pollution in madlib-object-utils
The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701...
Prototype Pollution in madlib-object-utils
The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701...
UBUNTU-CVE-2022-24279
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701...
Design/Logic Flaw
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701...
CVE-2022-24279
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701...
CVE-2022-24279
CVE-2022-24279 affects the package madlib-object-utils before 0.1.8. It is vulnerable to Prototype Pollution via the setValue method, allowing an attacker to merge object prototypes into the package. The vulnerability derives from an incomplete fix of CVE-2020-7701. The provided documents describ...
CVE-2022-24279
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701...
Prototype Pollution
Overview: madlib-object-utils is a small set of utility functions for working with objects. Affected versions of this package are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an...
GHSA-9829-JJ5P-J6HF Prototype Pollution in worksmith
All versions up to and including 1.0.0 of the package worksmith are vulnerable to Prototype Pollution via the setValue function...
Prototype Pollution in nis-utils
All versions of package nis-utils up to and including 0.6.10 are vulnerable to Prototype Pollution via the setValue function...
GHSA-GR58-J5WH-M333 Prototype Pollution in nis-utils
All versions of package nis-utils up to and including 0.6.10 are vulnerable to Prototype Pollution via the setValue function...