CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4279 – Starcounter-Jack JSON-Patch prototype pollution
https://notcve.org/view.php?id=CVE-2021-4279
25 Dec 2022 — A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Starcounter-Jack/JSON-Patch/commit/7ad6af41eabb2d799f698740a91284d762c955c9 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2018-14632 – atomic-openshift: oc patch with json causes masterapi service crash
https://notcve.org/view.php?id=CVE-2018-14632
06 Sep 2018 — An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provoca... • https://access.redhat.com/errata/RHBA-2018:2652 • CWE-787: Out-of-bounds Write •