Filtered by vendor Redhat Subscriptions
Filtered by product Quay Subscriptions

Search

Switch to Advanced Search (Beta)
Total 86 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-3721 3 Lodash, Netapp, Redhat 4 Lodash, Active Iq Unified Manager, System Manager and 1 more 2024-11-21 6.5 Medium
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-21270 2 Nodejs, Redhat 2 Node.js, Quay 2024-11-21 6.5 Medium
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
CVE-2018-1107 2 Is-my-json-valid Project, Redhat 2 Is-my-json-valid, Quay 2024-11-21 5.3 Medium
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated.
CVE-2018-16492 2 Extend Project, Redhat 2 Extend, Quay 2024-11-21 N/A
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
CVE-2017-16138 2 Mime Project, Redhat 2 Mime, Quay 2024-11-21 N/A
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
CVE-2017-16137 2 Debug Project, Redhat 2 Debug, Quay 2024-11-21 N/A
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.