188 matches found
CVE-2020-7714
CVE-2020-7714 affects the npm package confucious via Prototype Pollution in the set function. Affected versions are reported as prior to 0.0.13 (PT-2020-19736), with Snyk listing up to 0.0.12; multiple sources reiterate vulnerability across versions. Root cause is unsafe merging / path-based assi...
CVE-2020-7714 Prototype Pollution
All versions of package confucious are vulnerable to Prototype Pollution via the set function...
CVE-2020-7716
CVE-2020-7716 affects the npm package deeps and is a prototype pollution vulnerability via the set function. Public sources describe affected versions as older than 1.4.6 (GHSA: all versions up to 1.4.5; PT-2020-19738 states prior to 1.4.6). Root cause: unsafe handling in object merging/set that ...
PT-2020-19748 · Gedi · Gedi
Name of the Vulnerable Software and Affected Versions: gedi versions prior to 1.6.4 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For versions prior...
PT-2020-19738 · Deeps · Deeps
Name of the Vulnerable Software and Affected Versions: deeps versions prior to 1.4.6 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which could lead to various security issues. Recommendations: For versions...
PT-2020-19745 · Tiny-Conf · Tiny-Conf
Name of the Vulnerable Software and Affected Versions: tiny-conf versions prior to 1.1.1 is not mentioned, however, all versions up to and including 1.1.0 are vulnerable, so: tiny-conf versions up to and including 1.1.0 Description: The issue is related to Prototype Pollution via the set function...
PT-2020-19736 · Unknown · Confucious
Name of the Vulnerable Software and Affected Versions: confucious versions prior to 0.0.13 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For version...
Prototype Pollution
Overview jsonpointer is a Simple JSON Addressing. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC by NerdJS const jsonpointer = require'jsonpointer'; jsonpointer.set, '/proto/polluted', true; console.logpolluted; Details Prototype Pollution is a...
Prototype Pollution
Overview gedi is an An evented data API Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC const gedi = require'gedi'; try gedi.set'proto/polluted', true; catche console.logpolluted; Details Prototype Pollution is a vulnerability affecting JavaScript...
Prototype Pollution
Overview tiny-conf is a Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC const tinyConf =...
Prototype Pollution
Overview safetydance is an Exception safety in node.js Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const safetydance = require'safetydance'; safetydance.set, 'proto.polluted', true; console.logpolluted; //true Details Prototype Pollution is a...
Prototype Pollution
Overview irrelon-path is an A powerful JSON path processor. Allows you to drill into and manipulate JSON objects with a simple dot-delimited path format e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC:...
Prototype Pollution
Overview deeps is a Highly performant utilities to manage deeply nested objects. get, set, merge, flatten, diff etc. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const deeps = require'deeps'; deeps.set, 'proto.polluted', true;...
Prototype Pollution
Overview confucious is an App configuration management. Kind of like nconf, but easier to use, predicable and more flexible. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const confucious = require'confucious'; confucious.set'proto:polluted',...
Prototype Pollution
Overview bmoor is an A basic foundation for other libraries, establishing useful patterbs, and letting them be more. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const bmoor = require'bmoor'; bmoor.set, ""proto.polluted"", true;...
The vulnerability of the set function in the structured data search package SDS of the package manager NPM allows a attacker to execute arbitrary code.
The vulnerability of the set function in the structured data search package SDS of the package manager NPM arises due to insufficient cleaning of the data provided by users. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Prototype Pollution
kibana is vulnerable to prototype pollution. The vulnerability exists through the improper use of set function of lodash in multiple locations, allowing Object.prototype to be overwritten...
Node.js third-party modules: [keyd] Prototype pollution
I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...
Prototype Pollution
sds is vulnerable to prototype pollution. It accepts the injection of attributes to pollute the properties of the Object.prototype by the attacker using the set function in js/set.js,...
Code injection
sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'...