Headline

GHSA-ff9j-pwxg-q5p2: deep-parse-json vulnerable to Prototype Pollution

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the __proto__ property to be edited.

2 years ago

ghsa

Open in Source

#js #git

deep-parse-json vulnerable to Prototype Pollution

Moderate severity GitHub Reviewed Published Nov 4, 2022 • Updated Nov 8, 2022

2 years ago

CVE

Open in Source

#nodejs #js #git #java

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

1 hour ago

ghsa

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

1 hour ago

ghsa

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

1 hour ago

ghsa

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

4 hours ago

ghsa

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

4 hours ago

ghsa

Headline

GHSA-ff9j-pwxg-q5p2: deep-parse-json vulnerable to Prototype Pollution

Related news

ghsa: Latest News