Tag
#rce
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can lead to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.
A list of topics we covered in the week of October 30 to November 5 of 2023
Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]
### Summary

There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE.

### Details

```javascript
//https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
objectToSet[lastKey] = value
```

In this code, there is no validation for Prototype Pollution.

### PoC

```javascript
import { getByPath, setByPath } from '@clickbar/dot-diver'

console.log({}.polluted); // undefined
setByPath({},'constructor.prototype.polluted', 'foo');
console.log({}.polluted); // foo
```

### Impact

It is Prototype Pollution (PP) and it can lead to DoS, RCE, etc.

### Credits

Team : NodeBoB

- 최지혁 ( Jihyeok Choi )
- 이동하 ( Lee Dong Ha of ZeroPointer Lab )
- 강성현 ( kang seonghyeun )
- 박성진 ( sungjin park )
- 김찬호 ( Chanho Kim )
- 이수영 ( Lee Su Young )
- 김민욱 ( MinUk Kim )
A remote code execution vulnerability in Apache ActiveMQ is being used by the HelloKitty ransomware group.
PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. "Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP)," cloud
Eclipse Glassfish 5 or 6, when running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability