{"vulnerability": "CVE-2021-2342", "sightings": [{"uuid": "ac657ac6-652a-4d6c-9fd3-f33d2c9202ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23426", "type": "seen", "source": "https://t.me/cibsecurity/28176", "content": "\u203c CVE-2021-23426 \u203c\n\nThis affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-01T18:40:56.000000Z"}, {"uuid": "64440ce6-c657-4b5e-a047-c66b981b7651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23429", "type": "seen", "source": "https://t.me/cibsecurity/27757", "content": "\u203c CVE-2021-23429 \u203c\n\nAll versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-24T12:23:49.000000Z"}, {"uuid": "3573fcda-8754-4796-8521-7422a26945ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23425", "type": "seen", "source": "https://t.me/cibsecurity/27541", "content": "\u203c CVE-2021-23425 \u203c\n\nAll versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-18T20:16:54.000000Z"}, {"uuid": "8b86e0bd-8530-426c-ac78-bb532524ead0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23421", "type": "seen", "source": "https://t.me/cibsecurity/27183", "content": "\u203c CVE-2021-23421 \u203c\n\nAll versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-11T22:38:39.000000Z"}, {"uuid": "8a3f3ed4-5024-45f2-bcf9-a83e2d6be5be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23420", "type": "seen", "source": "https://t.me/cibsecurity/27150", "content": "\u203c CVE-2021-23420 \u203c\n\nThis affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-11T16:38:41.000000Z"}, {"uuid": "962c86d8-5326-4fbb-afd9-fb487f80fb2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23424", "type": "seen", "source": "https://t.me/cibsecurity/27548", "content": "\u203c CVE-2021-23424 \u203c\n\nThis affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-18T20:17:03.000000Z"}]}