Headline

GHSA-653v-rqx9-j85p: deep-object-diff vulnerable to Prototype Pollution

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

2 years ago

ghsa

Open in Source

#js #git #perl

deep-object-diff vulnerable to Prototype Pollution

Moderate severity GitHub Reviewed Published Nov 4, 2022 • Updated Nov 8, 2022

2 years ago

CVE

Open in Source

#nodejs #js #git #java #perl

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

1 hour ago

ghsa

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

1 hour ago

ghsa

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

1 hour ago

ghsa

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

4 hours ago

ghsa

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

4 hours ago

ghsa

Headline

GHSA-653v-rqx9-j85p: deep-object-diff vulnerable to Prototype Pollution

Related news

ghsa: Latest News