Summary
flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key
References
Related vulnerabilities
- MEDIUM GHSA-2JX3-65F3-XR8R
  spomky-labs/otphp: Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError
- HIGH GHSA-869J-R97X-HX2G
  Anki's local HTTP server does not sufficiently validate requests
- MEDIUM GHSA-JV2J-MQMW-XVV5
  SurrealDB: Denial of Service via deep operator chains
- MEDIUM GHSA-HV6H-HC26-Q48P
  SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals
- MEDIUM GHSA-H4H3-3RFJ-X6FQ
  SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
- HIGH GHSA-CC8F-FCX3-GPJR
  SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter