GHSA-WHPX-G542-7C7V @cat5th/key-serializer Prototype Pollution vulnerability

harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-39018

CVE-2024-39018 affects harvey-woo cat5th/key-serializer v0.2.5. The root cause is a prototype pollution flaw in the query function, enabling attackers to inject properties and potentially execute arbitrary code or cause a Denial of Service. Multiple sources (NVD, Red Hat, Veracode, GHSA, osv, CVE...

CVE-2024-39018

harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-35328

...

CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs

phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber,...

Authorization

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...