188 matches found
CVE-2022-21803
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...
CVE-2022-21803
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...
Prototype Pollution
libnested is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the set function in the index.js and modify attributes such as proto, constructor, and prototype...
Prototype Pollution in libnested
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...
CVE-2022-25352
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...
CVE-2022-25352 Prototype Pollution
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...
CVE-2022-25352
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. Note: This vulnerability derives from an incomplete fix for CVE-2020-28283...
Dominictarr Libnested 安全漏洞
Dominictarr Libnested is a codebase from the Dominictarr individual developer that provides map, each, get, set, keys functions for basic nested objects. A security vulnerability exists in Dominictarr Libnested, which stems from the set function in index.js being susceptible to prototype...
GHSA-6M85-WVCR-PGW3 Prototype Pollution in safetydance
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in safetydance
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
The vulnerability of the mbedtls_ssl_set_session() function lies in the implementation of TLS and SSL protocols. Mbed TLS, which is related to memory reclamation errors, allows attackers to execute arbitrary code.
The vulnerability of the mbedtlssslsetsession function is related to the implementation of TLS and SSL protocols. Mbed TLS is vulnerable to a memory reclamation error. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Prototype Pollution
Overview sds is a structured data search package. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives fr...
CVE-2021-23574
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
js-data 安全漏洞
js-data is a framework-agnostic, datastore-agnostic ORM for Node.js and browsers. A security vulnerability exists in js-data that stems from packages being susceptible to prototype contamination via the deepFillIn and set functions...
Prototype Pollution
Overview @fabiocaccamo/utils.js is a JavaScript utils for lazy devs. Affected versions of this package are vulnerable to Prototype Pollution via the set and method, which merges the path and value parameters based on the key:value. PoC const utils = require"@fabiocaccamo/utils.js"; const obj = ;...
Prototype Pollution
Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1 var jsdata = require'js-data'; var obj = ; var payload =...
Prototype Pollution
objection is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the set and zipObject function...
GHSA-F9CV-665R-275H Prototype Pollution in merge-change
All current versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...
total.js 代码注入漏洞
total.js is open source a framework developed using JavaScript for the Node.js platform. It can be used to develop web, desktop, service and IoT platforms. Total.js suffers from a code injection vulnerability that stems from a call to the utils.set function with a user-controlled value in the...
CVE-2021-23421
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...