3 matches found
CVE-2024-27307 JSONata expression can pollute the "Object" prototype
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to versions 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...
CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities
Updates 11-27: Blog posts updated to refer to the CVE reports published. The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23rd includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...
Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool
By Waqas. Apache has released Log4j version 2.15.0 to address the RCE vulnerability, and users are urged to apply the update ASAP. This is a post from HackRead.com.