logo
DATABASE RESOURCES PRICING ABOUT US

Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen

Description

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.


Affected Software


CPE Name Name Version
querymen 2.1.4

Related