In dojo the deepCopy method is vulnerable to prototype pollution which could result in code injection. Upstream Reference:
Created dojo tracking bugs for this issue: Affects: epel-all [
….
Source link
[Bug 1812404] CVE-2020-5258 dojo: Prototype pollution in deepCopy method could result in code injection
RELATED STORIES
Leading cyber security company Sophos has notified some customers via email about a data security...
CVSS Meta Temp Score CVSS is a standardized scoring system to determine possibilities of attacks....
A vulnerability classified as problematic was found in CologneBlue Skin up to 1.35 on MediaWiki....
GitHub fixes ‘high severity’ security flaw spotted by Google. Two weeks after Google disclosed a...
[*] # Exploit Title: Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection # Date: 13/09/2020...
An update that fixes three vulnerabilities is now available. SUSE Security Update: Security update for...
The Odyssey Team updated its iOS 13-centric Odyssey jailbreak tool at the crack of dawn...
Drupal是使用PHP语言编写的开源内容管理框架。 近日 Drupal官方发布安全更新,修复了 CVE-2020-13671 Drupal 远程代码执行漏洞。由于Drupal core 没有正确地处理上传文件中的某些文件名,攻击者通过上传恶意文件,在某些特定的配置下可能会被当作 php 解析,从而导致远程代码执行。Drupal 用户应尽快采取安全措施阻止漏洞攻击。 影响范围 Drupal 9.0.8; Drupal...
Risk High Patch available YES Number of vulnerabilities 9 CVE ID CVE-2020-7550CVE-2020-7551CVE-2020-7552CVE-2020-7553CVE-2020-7554CVE-2020-7555CVE-2020-7556CVE-2020-7557CVE-2020-7558 CWE ID CWE-119CWE-787CWE-125...
Η Microsoft εργάζεται για τη διόρθωση ενός σφάλματος στο update KB4586786 που κυκλοφόρησε την προηγούμενη...
You must be logged in to post a comment.