exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2022-24999

Status Candidate

Overview

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).

Related Files

Red Hat Security Advisory 2023-3645-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-43138, CVE-2022-24999, CVE-2022-25858, CVE-2022-27664, CVE-2022-2880, CVE-2022-36227, CVE-2022-39229, CVE-2022-41715, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361
SHA-256 | 3023d0e9a727cd7cb6e6e20ebd2258d11d98d83016ff62bc73e6192f91c39a04
Red Hat Security Advisory 2023-3265-01
Posted May 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3265-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-23539, CVE-2022-24999, CVE-2022-36227, CVE-2022-40023, CVE-2023-0361, CVE-2023-27535, CVE-2023-28617
SHA-256 | 2f4d2ce380c06ad992921a601a6736c8d549adc40181508ee18c6df486235315
Red Hat Security Advisory 2023-1742-01
Posted Apr 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1742-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065, CVE-2021-44531, CVE-2021-44532, CVE-2021-44533, CVE-2021-44906, CVE-2022-0235, CVE-2022-21824, CVE-2022-24999, CVE-2022-25881, CVE-2022-3517, CVE-2022-35256, CVE-2022-38900, CVE-2022-43548, CVE-2022-4904
SHA-256 | f28377e6e25b8387aa54cea292997b508ff485520e06f1243636f40bf125d07b
Red Hat Security Advisory 2023-1533-01
Posted Apr 3, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2021-35065, CVE-2021-44906, CVE-2022-24999, CVE-2022-25881, CVE-2022-3517, CVE-2022-35256, CVE-2022-38900, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23920
SHA-256 | 1d997c727b547d00a2b7b276e0830053a199463662b5eb3fddb9e968cdd8798e
Red Hat Security Advisory 2023-1428-01
Posted Mar 24, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1428-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service, traversal, and unsanitized input vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2020-36567, CVE-2021-28861, CVE-2021-4235, CVE-2022-1705, CVE-2022-23521, CVE-2022-24999, CVE-2022-25881, CVE-2022-25927, CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-2995, CVE-2022-30631
SHA-256 | cc950d2ab43d2f93dae3bec701ae554c28379d039ec26d5027d656ff0b9558b0
Red Hat Security Advisory 2023-0932-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-24999, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-41717, CVE-2022-43945, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | c3f710ebf4c4a5049a9c7598c825e5edecaca34c90026c872eecece7ce700a31
Red Hat Security Advisory 2023-0930-01
Posted Mar 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-24999, CVE-2022-2873, CVE-2022-40897, CVE-2022-41222, CVE-2022-41717, CVE-2022-43945, CVE-2022-4415, CVE-2022-45061, CVE-2022-48303
SHA-256 | 658ffa57cf97948f0f07e630b296ef00eae93213218b2c60f486f12cd075e147
Red Hat Security Advisory 2023-0934-01
Posted Feb 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0934-01 - Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include denial of service and unsanitized input vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-36567, CVE-2021-35065, CVE-2021-46848, CVE-2022-1304, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-23521, CVE-2022-24999, CVE-2022-2519
SHA-256 | e6ed8e70ae97d3f84dfc5a4c9a7afaff0a6bd21abee5831103acb6746649fd52
Red Hat Security Advisory 2023-0794-01
Posted Feb 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-23521, CVE-2022-24999, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-2964
SHA-256 | b3f7dff17d2c1b34b87e26fcbdb2d8609daa0dcdc11f67cc5739af9ecf40a1e6
Red Hat Security Advisory 2023-0612-01
Posted Feb 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0612-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2021-35065, CVE-2021-44906, CVE-2022-0235, CVE-2022-24999, CVE-2022-3517, CVE-2022-43548
SHA-256 | 196b41f4cb8202a5bba53e8e3a83c166222738610e775f61305c8797014467d7
Red Hat Security Advisory 2023-0050-01
Posted Jan 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, javascript
systems | linux, redhat
advisories | CVE-2021-44906, CVE-2022-0235, CVE-2022-24999, CVE-2022-3517, CVE-2022-43548
SHA-256 | e708c38bc4b436ac8b0802b7f52b3094989a8a194c55f4ff13f1c929fc808c60
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close