14 matches found
CVE-2022-23631
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
EUVD-2022-0835
Malicious code in bioql PyPI...
Prototype Pollution
superjson is vulnerable to prototype pollution. The vulnerability exists in the 'getDeep' function in the 'accessDeep.ts' file, allowing an attacker to exploit the vulnerability by injecting arbitrary code on the server...
0pflow (>=0.1.0 <=0.1.0-dev.f5622ac), 128981semzub (=1.0.1) +756 more potentially affected by CVE-2022-23631 via superjson (>=0.0.5 <=1.8.0)
superjson NPM version =0.0.5, =0.1.0, =1.0.0, =1.4.40, =4.0.61, =4.0.61, =0.4.0, =0.0.1, =0.0.1, =5.10.2-alpha.1, =5.10.2-alpha.2, =1.0.0, =2.0.0-alpha.7, =2.8.0, =3.0.0-beta.15 and more Source cves: CVE-2022-23631 Source advisory: OSV:GHSA-5888-FFCR-R425...
Prototype Pollution leading to Remote Code Execution in superjson
Impact: This is a critical vulnerability, as it allows running arbitrary code on any server using superjson input, including a Blitz.js server, without prior authentication or knowledge. Attackers gain full control over the server so they could steal and manipulate data or attack further systems. The...
GHSA-5888-FFCR-R425 Prototype Pollution leading to Remote Code Execution in superjson
Impact: This is a critical vulnerability, as it allows running arbitrary code on any server using superjson input, including a Blitz.js server, without prior authentication or knowledge. Attackers gain full control over the server so they could steal and manipulate data or attack further systems. The...
CVE-2022-23631
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
CVE-2022-23631
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
Design/Logic Flaw
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
CVE-2022-23631 Prototype Pollution leading to Remote Code Execution in superjson
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
CVE-2022-23631 Prototype Pollution leading to Remote Code Execution in superjson
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
CVE-2022-23631
CVE-2022-23631 affects the superjson library used to serialize JavaScript expressions to a superset of JSON. The vulnerability exists in versions prior to 1.8.1 and enables prototype pollution that can lead to arbitrary code execution on servers processing untrusted superjson input via any endpoi...
Superjson code injection vulnerability
superjson is a superset that securely serializes JavaScript expressions to JSON. A code injection vulnerability exists in superjson that allows inputs to run arbitrary code on any server using superjson inputs without prior validation or knowledge. The only requirement is that the server implemen...
PT-2022-16145 · Blitz.Js +1
Name of the Vulnerable Software and Affected Versions: superjson versions prior to 1.8.1; Blitz.js versions prior to 0.45.3. Description: The issue allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the serv...