188 matches found
CVE-2020-28449
This affects all versions of package decal. The vulnerability is in the set function...
Design/Logic Flaw
This affects all versions of package decal. The vulnerability is in the set function...
CVE-2020-28449
CVE-2020-28449 corresponds to a prototype pollution vulnerability in the JavaScript package decal, with the issue located in the set function. Affected software is decal (all versions), and exploitation involves injecting properties into Object.prototype (e.g., via __proto__ or path-based definitions...
Shinuza Decimal-js Security Vulnerability
Shinuza Decimal-js is a JavaScript-based codebase used to provide decimal calculations for Node applications by Shinuza Individual Developers. A security vulnerability exists in Shinuza Decimal-js, which stems from the set function...
CVE-2020-28495
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some case...
Prototype Pollution
Overview: Affected versions of this package are vulnerable to Prototype Pollution. The vulnerability is in the set function. PoC: const decal = require('decal'); console.log('Before:', {}.polluted); decal.set({}, "__proto__.polluted", "1337"); console.log('After:', {}.polluted); Details: Prototype Pollution is a...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
CVE-2020-7737
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
CVE-2020-7736
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...
CVE-2020-7737 Prototype Pollution
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
CVE-2020-7736 Prototype Pollution
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...
PT-2020-19753 · Bmoor · Bmoor
Name of the Vulnerable Software and Affected Versions: bmoor versions prior to 0.8.12 Description: The issue concerns Prototype Pollution via the set function. Recommendations: For versions prior to 0.8.12, update to version 0.8.12 or later to resolve the issue...
PT-2020-19754 · Unknown · Safetydance
Name of the Vulnerable Software and Affected Versions: safetydance, all versions. Description: The issue concerns Prototype Pollution via the set function. This affects all versions of the package, allowing for potential manipulation of object properties. Recommendations: For all versions, consider...
Prototype Pollution
keyd is vulnerable to prototype pollution. The vulnerability exists as it does not prevent the __proto__ property to be set when the set function is called...
Prototype Pollution
gedi is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the __proto__ header to be set through the set function...
Prototype Pollution
deeps is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the __proto__ header to be set through the set function...
CVE-2020-7724
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function...
CVE-2020-7716
All versions of package deeps are vulnerable to Prototype Pollution via the set function...
Design/Logic Flaw
All versions of package confucious are vulnerable to Prototype Pollution via the set function...
CVE-2020-7727
Affected software: the gedi package (JavaScript). Vulnerability: Prototype Pollution via the set function. Root cause: unsafe handling of object property paths in set, enabling pollution of Object.prototype under certain inputs. Impact (as stated in related advisories): potential for DoS or remot...