Total: 20 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-5452 | Lightningai | Pytorch Lightning | 2024-10-09 | N/A | 9.8 CRITICAL | A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.
CVE-2024-0404 | | | 2024-04-16 | N/A | 9.1 CRITICAL | A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with the value `admin`, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and perform actions as an administrator.
CVE-2024-3283 | | | 2024-04-10 | N/A | 7.2 HIGH | A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation.
CVE-2021-23433 | Algolia | Algoliasearch-helper | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL | The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters._parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.
CVE-2021-41097 | Bluespire | Aurelia-path | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes any Aurelia application that uses the `aurelia-path` package to parse a string; the majority of these will be Aurelia applications that employ the `aurelia-router` package. For example, this could allow an attacker to change the prototype of the base object class `Object` by tricking an application into parsing the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.
CVE-2021-23449 | Vm2 Project | Vm2 | 2024-02-04 | 7.5 HIGH | 10.0 CRITICAL | This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
CVE-2021-25948 | Expand-hash Project | Expand-hash | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-25949 | Set-getter Project | Set-getter | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-23403 | Ts-nodash Project | Ts-nodash | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of input validation.
CVE-2021-23417 | Deepmergefn Project | Deepmergefn | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | All versions of package deepmergefn are vulnerable to Prototype Pollution via the deepMerge function.
CVE-2021-23421 | Merge-change Project | Merge-change | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
CVE-2021-25945 | Js-extend Project | Js-extend | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2021-23402 | Record-like-deep-assign Project | Record-like-deep-assign | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.
CVE-2021-25952 | Just-safe-set Project | Just-safe-set | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | Prototype pollution vulnerability in 'just-safe-set' versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-24036 | Fork-cms | Fork Cms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH | PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-24914 | Qcubed | Qcubed | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2020-7743 | Mathjs | Mathjs | 2024-02-04 | 7.5 HIGH | 7.3 HIGH | The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
CVE-2020-7617 | Ini-parser Project | Ini-parser | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL | ini-parser through 0.0.2 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.
CVE-2020-11872 | Bluetrace | Opentrace | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.
CVE-2019-9057 | Cmsmadesimple | Cms Made Simple | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection.