5 matches found
CVE-2022-25871
creationtimestamp| type| source ---|---|--- 2022-06-18 00:23:13+00:00| seen| https://t.me/cibsecurity/44761...
@mohamed.abdelall/omni-backend (>=1.0.0 <=1.1.53), generator-rest (=0.2.0) +7 more potentially affected by CVE-2022-25871 via querymen (=2.1.4)
querymen NPM version =2.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on querymen and may be impacted: - @mohamed.abdelall/omni-backend =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =1.0.14, =1.0.6, =1.4.10 - vulnogram =0.1.0-rc1 Source cves: CVE-2022-258...
CVE-2022-25871 Prototype Pollution
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
CVE-2022-25871
Summary (CVE-2022-25871) : Affects the Node.js middleware querymen . It allows Prototype Pollution through the parameters of the exported function handler(type, name, fn) when user-controlled input is not sanitized; this stems from an incomplete fix of CVE-2020-7600. The CVE entry notes the vulne...
@mohamed.abdelall/omni-backend (>=1.0.0 <=1.1.53), generator-rest (=0.2.0) +7 more potentially affected by CVE-2020-7600 +1 more via querymen (=2.1.4)
querymen NPM version =2.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on querymen and may be impacted: - @mohamed.abdelall/omni-backend =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =1.0.14, =1.0.6, =1.4.10 - vulnogram =0.1.0-rc1 Source cves: CVE-2020-760...