Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0557

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.02099EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2022/01/06 9:58 p.m.25 views

Prototype Pollution in js-data

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...

9.8CVSS4.8AI score0.02099EPSS
Exploits1References8Affected Software1
Veracode
Veracode
added 2021/12/27 7:30 a.m.24 views

Prototype Pollution

js-data is vulnerable to pollution prototype. The vulnerability exists due to an incomplete fix of CVE-2020-28442. A remote attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes via the deepFillIn and the set functions resulting in prototype...

9.8CVSS4AI score0.02099EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2021/12/24 8:15 p.m.34 views

CVE-2021-23574

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...

9.8CVSS0.02099EPSS
Exploits1References6
Prion
Prion
added 2021/12/24 8:15 p.m.19 views

Design/Logic Flaw

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...

7.5CVSS9.4AI score0.02099EPSS
Exploits2References6Affected Software1
Snyk
Snyk
added 2021/09/13 9:47 a.m.3 views

Prototype Pollution

Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1 var jsdata = require'js-data'; var obj = ; var payload =...

9.8CVSS9AI score0.02099EPSS
Exploits2References2
Cvelist
Cvelist
added 2020/12/15 7:25 a.m.53 views

CVE-2020-28442 Prototype Pollution

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

7.5CVSS8.6AI score0.01959EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2020/10/29 3:0 p.m.7 views

js-data-dao (=1.0.0) potentially affected by CVE-2020-28442 via js-data (=3.0.0-rc.5)

js-data NPM version =3.0.0-rc.5 is affected by a known vulnerability. The following packages have a transitive dependency on js-data and may be impacted: - js-data-dao =1.0.0 Source cves: CVE-2020-28442 Source advisory: SNYK:JS-JSDATA-1023655...

9.8CVSS7.2AI score0.01959EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2020/06/21 12:0 a.m.79 views

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...

7.5CVSS2.7AI score0.05213EPSS
Exploits13
Rows per page
Query Builder