Total
19 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0404 | 2024-04-16 | N/A | 9.1 CRITICAL | ||
A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with `admin` value, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and perform actions as an administrator. | |||||
CVE-2024-3283 | 2024-04-10 | N/A | 7.2 HIGH | ||
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation. | |||||
CVE-2023-32079 | 1 Gravitl | 1 Netmaker | 2023-12-10 | N/A | 8.8 HIGH |
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. | |||||
CVE-2021-23433 | 1 Algolia | 1 Algoliasearch-helper | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns. | |||||
CVE-2021-23449 | 1 Vm2 Project | 1 Vm2 | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | |||||
CVE-2021-23403 | 1 Ts-nodash Project | 1 Ts-nodash | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. | |||||
CVE-2021-25949 | 1 Set-getter Project | 1 Set-getter | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25945 | 1 Js-extend Project | 1 Js-extend | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23417 | 1 Deepmergefn Project | 1 Deepmergefn | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. | |||||
CVE-2021-23421 | 1 Merge-change Project | 1 Merge-change | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. | |||||
CVE-2021-23402 | 1 Record-like-deep-assign Project | 1 Record-like-deep-assign | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | |||||
CVE-2021-25952 | 1 Just-safe-set Project | 1 Just-safe-set | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25948 | 1 Expand-hash Project | 1 Expand-hash | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2020-7743 | 1 Mathjs | 1 Mathjs | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | |||||
CVE-2020-24914 | 1 Qcubed | 1 Qcubed | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | |||||
CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | |||||
CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | |||||
CVE-2020-11872 | 1 Bluetrace | 1 Opentrace | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | |||||
CVE-2019-9057 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. |