Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1338

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01901EPSS
Exploits1References5
OSV
OSV
added 2022/03/18 12:1 a.m.22 views

GHSA-6956-83FG-5WC5 Prototype Pollution in set-in

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...

9.8CVSS9.3AI score0.01901EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/03/18 12:1 a.m.25 views

Prototype Pollution in set-in

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...

9.8CVSS4.6AI score0.01901EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2022/03/17 11:20 a.m.96 views

CVE-2022-25354

CVE-2022-25354 affects the JavaScript package set-in, with versions before 2.0.3 vulnerable to Prototype Pollution via the setIn method. Root cause is an incomplete fix of CVE-2020-28273. Exploitation details are not provided in the documents; public references describe the issue and advisories. ...

9.8CVSS9.1AI score0.01901EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2021/03/19 9:1 p.m.5 views

swear (>=0.0.0 <=0.0.4), tcomb-view (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2020-28273 via set-in (=1.1.1)

set-in NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-in and may be impacted: - swear =0.0.0, =2.0.0, =0.0.0, =1.0.0 Source cves: CVE-2020-28273 Source advisory: OSV:GHSA-QR4P-C9WR-PHR6...

9.8CVSS7.2AI score0.03878EPSS
Exploits1
Circl
Circl
added 2020/12/02 6:55 p.m.10 views

CVE-2020-28273

creationtimestamp| type| source ---|---|--- 2020-12-02 18:55:04+00:00| seen| https://t.me/cibsecurity/17029 2022-03-17 15:21:44+00:00| seen| https://t.me/cibsecurity/39142...

9.8CVSS8.6AI score0.03878EPSS
Exploits1References2
OSV
OSV
added 2020/12/02 3:15 p.m.20 views

CVE-2020-28273

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS7.5AI score0.03878EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2020/06/21 12:0 a.m.20 views

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...

7.5CVSS2.7AI score0.05213EPSS
Exploits13
Rows per page
Query Builder