3 matches found
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2022-25296 via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2022-25296 Source advisory: OSV:GHSA-VHXC-FHM5-QCP9...
CVE-2022-25296
creationtimestamp| type| source ---|---|--- 2022-03-17 15:21:39+00:00| seen| https://t.me/cibsecurity/39138...
CVE-2022-25296
The CVE-2022-25296 entry concerns the npm package bodymen. Multiple trusted sources (GHSA and OSV entries) describe a Prototype Pollution flaw in bodymen, where the handler can be tricked into adding or modifying properties on Object.prototype via a proto payload. The vulnerability is tied to an ...