PT-2023-31477 · Testlink · Testlink

Name of the Vulnerable Software and Affected Versions: TestLink versions 1.9.20 and earlier Description: The issue allows type juggling for authentication bypass because the === operator is not used. This can lead to unauthorized access. Recommendations: For versions 1.9.20 and earlier, consider...

The utilization of strict equality within the subtractLoss function is susceptible to straightforward manipulation by a potential attacker.

Lines of code Vulnerability details Impact If this equality condition is intentionally disrupted, it will result in the failure of all settlement processes carried out using the settle function. Proof of Concept Tools Used Manual review Recommended Mitigation Steps - collateral.balanceOfaddressth...

_mint721() function can be broken because of strict equality check on token balance

Handle jayjonah8 Vulnerability details Impact In NFTXMarketplaceZap.sol the mint721 function has a require check that the balance must be equal to the amount of vault tokens in the contract. uint256 balance = count BASE - count INFTXVaultvault.mintFee; requirebalance ==...

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...