Skip Menu |

This queue is for tickets about the Finance-Bank-HDFC CPAN distribution.

Report information
The Basics
Id: 132480
Status: open
Priority: 0/
Queue: Finance-Bank-HDFC
People
Owner: Nobody in particular
Requestors: sundaram.dinesh [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)
Attachments
HDFC_vulnerability.jpg

History Show all quoted text
  Sat May 02 03:45:54 2020 sundaram.dinesh [...] gmail.com - Ticket created
Subject: Reg- Bugs Identified in HDFC Website for your Perusal
Date: Sat, 2 May 2020 13:15:33 +0530
To: bug-Finance-Bank-HDFC [...] rt.cpan.org
From: K S S Kumar <sundaram.dinesh [...] gmail.com>
Dear Team, I have identified the below mentioned Vulnerability in HDFC website. Kindly the Vulnerability at the earliest so that it wont pave a way to any attacker. Description In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. *Affected Software* NameVersion angular < 1.7.9 Regards, S.Dinesh Kumar.
Download HDFC_vulnerability.jpg
image/jpeg 207.6k

Message body is not shown because sender requested not to inline it.

  Tue May 05 15:11:17 2020 mcgrath.martin [...] gmail.com - Correspondence added
On Sat May 02 08:45:54 2020, sundaram.dinesh@gmail.com wrote: Show quoted text
> Dear Team, > I have identified the below mentioned Vulnerability in HDFC > website. Kindly the Vulnerability at the earliest so that it wont pave a > way to any attacker. > > Description > > In AngularJS before 1.7.9 the function merge() could be tricked into adding > or modifying properties of Object.prototype using a __proto__ payload. > *Affected Software* > NameVersion > angular < 1.7.9 > > Regards, > S.Dinesh Kumar.
Report issues to the bank, this is is the bug tracker for a defunct perl module
  Tue May 05 15:11:18 2020 The RT System itself - Status changed from 'new' to 'open'