CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions.
This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).




*   **Attack Complexity**
    
    Low
    
*   **Availability**
    
    High
    

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JAVA-ORGWEBJARSBOWER-2320790
    
*   **published**
    
    16 Dec 2021
    
*   **disclosed**
    
    13 Sep 2021
    
*   **credit**
    
    Sourav Kumar
    

**How to fix?**

**Overview**

**PoC #1**

**PoC #2**

**Details**

**Types of attacks**

**Affected environments**

**How to prevent**

**References**

Headline

CVE-2021-23574: Prototype Pollution in org.webjars.bower:js-data | CVE-2021-23574 | Snyk

CVE: Latest News