Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-26139
HistoryAug 01, 2023 - 5:15 a.m.

CVE-2023-26139

2023-08-0105:15:34
Google
osv.dev
4
underscore-keypath
version 0.0.11
prototype pollution
setproperty() function
improper input sanitization
__proto__ argument

AI Score

7

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “proto”.

Related

osv 1
prion 1
cvelist 1
veracode 1
nvd 1
cve 1
github 1
osv
osv
underscore-keypath vulnerable to Prototype Pollution
2023-08-01 06:30:15
prion
prion
Input validation
2023-08-01 05:15:00
cvelist
cvelist
CVE-2023-26139
2023-08-01 05:00:01
veracode
veracode
Prototype Pollution
2023-08-02 09:25:49
nvd
nvd
CVE-2023-26139
2023-08-01 05:15:34
cve
cve
CVE-2023-26139
2023-08-01 05:15:34
github
github
underscore-keypath vulnerable to Prototype Pollution
2023-08-01 06:30:15

AI Score

7

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON
Related for OSV:CVE-2023-26139
osv1prion1cvelist1veracode1nvd1cve1github1