Search

Find a vulnerability

Search criteria

    4 vulnerabilities by umbraengineering

    CVE-2018-16460 (GCVE-0-2018-16460)

    Vulnerability from cvelistv5 – Published: 2018-09-07 19:00 – Updated: 2024-09-17 02:42
    VLAI
    Summary
    A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.
    Severity
    No CVSS data available.
    CWE
    • CWE-77 - Command Injection - Generic (CWE-77)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/390848 x_refsource_MISC
    Impacted products
    Date Public
    2018-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:24:32.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/390848"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ps",
              "vendor": "https://github.com/UmbraEngineering",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command Injection in ps package versions \u003c1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection - Generic (CWE-77)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T18:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/390848"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-09-07T00:00:00",
              "ID": "CVE-2018-16460",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ps",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "https://github.com/UmbraEngineering"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command Injection in ps package versions \u003c1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection - Generic (CWE-77)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/390848",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/390848"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-16460",
        "datePublished": "2018-09-07T19:00:00.000Z",
        "dateReserved": "2018-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:42:51.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3751 (GCVE-0-2018-3751)

    Vulnerability from cvelistv5 – Published: 2018-07-03 21:00 – Updated: 2024-09-17 03:38
    VLAI
    Summary
    The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/311337 x_refsource_MISC
    Date Public
    2018-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.522Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/311337"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The utilities function in all versions \u003c= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-03T20:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/311337"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-05-24T00:00:00",
              "ID": "CVE-2018-3751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The utilities function in all versions \u003c= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/311337",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/311337"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3751",
        "datePublished": "2018-07-03T21:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:38:17.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16460 (GCVE-0-2018-16460)

    Vulnerability from nvd – Published: 2018-09-07 19:00 – Updated: 2024-09-17 02:42
    VLAI
    Summary
    A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.
    Severity
    No CVSS data available.
    CWE
    • CWE-77 - Command Injection - Generic (CWE-77)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/390848 x_refsource_MISC
    Impacted products
    Date Public
    2018-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:24:32.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/390848"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ps",
              "vendor": "https://github.com/UmbraEngineering",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A command Injection in ps package versions \u003c1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection - Generic (CWE-77)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-07T18:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/390848"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-09-07T00:00:00",
              "ID": "CVE-2018-16460",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ps",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "https://github.com/UmbraEngineering"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A command Injection in ps package versions \u003c1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection - Generic (CWE-77)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/390848",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/390848"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-16460",
        "datePublished": "2018-09-07T19:00:00.000Z",
        "dateReserved": "2018-09-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:42:51.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3751 (GCVE-0-2018-3751)

    Vulnerability from nvd – Published: 2018-07-03 21:00 – Updated: 2024-09-17 03:38
    VLAI
    Summary
    The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/311337 x_refsource_MISC
    Date Public
    2018-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.522Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/311337"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The utilities function in all versions \u003c= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-03T20:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/311337"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-05-24T00:00:00",
              "ID": "CVE-2018-3751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The utilities function in all versions \u003c= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/311337",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/311337"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3751",
        "datePublished": "2018-07-03T21:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:38:17.592Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }