{"vulnerability": "CVE-2021-2340", "sightings": [{"uuid": "adba84fa-5e8b-4d82-97a5-199698a2d7bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23402", "type": "seen", "source": "https://t.me/cibsecurity/25902", "content": "\u203c CVE-2021-23402 \u203c\n\nAll versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-02T20:32:20.000000Z"}, {"uuid": "21aca72c-2ff1-43e2-9b03-71d8e5a0f664", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23406", "type": "seen", "source": "https://t.me/cibsecurity/27756", "content": "\u203c CVE-2021-23406 \u203c\n\nThis affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T12:23:46.000000Z"}, {"uuid": "1db8432e-8698-4ffc-8b8e-3ac5f88e6961", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23409", "type": "seen", "source": "https://t.me/cibsecurity/26303", "content": "\u203c CVE-2021-23409 \u203c\n\nThe package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T12:44:09.000000Z"}, {"uuid": "b6cd7289-4992-485d-a612-3b4b2824415a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23401", "type": "seen", "source": "https://t.me/cibsecurity/25911", "content": "\u203c CVE-2021-23401 \u203c\n\nThis affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\\\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-05T14:35:35.000000Z"}, {"uuid": "ad742d02-85c9-4437-bcad-dd0e519ccd47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23400", "type": "seen", "source": "https://t.me/cibsecurity/25779", "content": "\u203c CVE-2021-23400 \u203c\n\nThe package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-29T16:28:47.000000Z"}, {"uuid": "1d12de5f-a7cb-47a7-8682-701ea5eb1080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23406", "type": "seen", "source": "https://t.me/thehackernews/1508", "content": "A high-severity remote code execution vulnerability (CVE-2021-23406) has been identified in Pac-Resolver, a popular NPC package with about 3 million weekly downloads, affecting Node.js applications.\n\nRead: https://thehackernews.com/2021/09/critical-bug-reported-in-npm-package.html", "creation_timestamp": "2021-09-13T15:55:18.000000Z"}]}