CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6376 – ejson shell parser in MongoDB Compass maybe bypassed
https://notcve.org/view.php?id=CVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. • https://jira.mongodb.org/browse/COMPASS-7496 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-38990
https://notcve.org/view.php?id=CVE-2024-38990
Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que Tada5hi sp-common v0.5.4 contiene un prototipo de contaminación a través de la función mergeDeep. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias. • https://gist.github.com/mestrtee/ae5f6b0d8f5d7de716e6af6d189b2169 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-39236
https://notcve.org/view.php?id=CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. • https://github.com/Aaron911/PoC/blob/main/Gradio.md https://github.com/advisories/GHSA-9v2f-6vcg-3hgv https://github.com/gradio-app/gradio/issues/8853 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-39002
https://notcve.org/view.php?id=CVE-2024-39002
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-38993
https://notcve.org/view.php?id=CVE-2024-38993
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. Se descubrió que rjrodger jsonic-next v2.12.1 contenía un prototipo de contaminación a través de la función vacía. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario o provocar una denegación de servicio (DoS) mediante la inyección de propiedades arbitrarias. • https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 • CWE-94: Improper Control of Generation of Code ('Code Injection') •