6 matches found
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
EUVD-2022-6101
Malicious code in bioql PyPI...
CVE-2020-7600
creationtimestamp| type| source ---|---|--- 2022-06-18 00:23:13+00:00| seen| https://t.me/cibsecurity/44761...
CVE-2022-25871
Summary (CVE-2022-25871) : Affects the Node.js middleware querymen . It allows Prototype Pollution through the parameters of the exported function handler(type, name, fn) when user-controlled input is not sanitized; this stems from an incomplete fix of CVE-2020-7600. The CVE entry notes the vulne...
@mohamed.abdelall/omni-backend (>=1.0.0 <=1.1.53), generator-rest (=0.2.0) +7 more potentially affected by CVE-2020-7600 +1 more via querymen (=2.1.4)
querymen NPM version =2.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on querymen and may be impacted: - @mohamed.abdelall/omni-backend =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =1.0.14, =1.0.6, =1.4.10 - vulnogram =0.1.0-rc1 Source cves: CVE-2020-760...
CVE-2020-7600
The CVE-2020-7600 entry concerns the Node.js package querymen, where versions prior to 2.1.4 are vulnerable to Prototype Pollution. The vulnerability arises from the ability to control the parameters of the exported function handler(type, name, fn) without proper sanitization, enabling an attacke...