17 matches found
EUVD-2022-2258
Malicious code in bioql PyPI...
Security Bulletin: Open Source Dependency Vulnerability
Summary: IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details: CVEID: CVE-2022-21189 DESCRIPTION: Node.js dexie module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the Dexie.setByKeyPath(obj, keyPath,...
Prototype Pollution
dexie is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype via the Dexie.setByKeyPath function, which does not properly check whether the keys have been set like __proto__ or constructor, leading to prototype pollution vulnerability...
@alma3lol/react-mvvm (>=1.0.0 <=1.3.0), @alveo-vl/jsalveo (=0.1.0) +280 more potentially affected by CVE-2022-21189 via dexie (>=1.3.6 <=3.2.1)
dexie NPM version =1.3.6, =1.0.0, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.5.1, =0.1.29-alpha.0, =0.0.1, =0.8.7, =0.9.14, =0.9.21, =0.9.14, =0.5.1, =1.0.0 and more Source cves: CVE-2022-21189 Source advisory: OSV:GHSA-3XGX-R9J4-QW9W...
@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)
dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: OSV:GHSA-3XGX-R9J4-QW9W...
GHSA-3XGX-R9J4-QW9W Prototype Pollution in Dexie
Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This c...
Prototype Pollution in Dexie
Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This c...
CVE-2022-21189
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties o...
CVE-2022-21189
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties o...
Design/Logic Flaw
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties o...
CVE-2022-21189 Prototype Pollution
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties o...
CVE-2022-21189
CVE-2022-21189 affects Dexie.js: prototype pollution in Dexie.setByKeyPath(obj, keyPath, value) allows adding/modifying properties on Object.prototype. Affected: Dexie.js
Dexie security vulnerability
Dexie is a wrapper library for IndexedDB, a standard database in the browser, that provides a clean database API. A security vulnerability exists in Dexie versions prior to 3.2.2, 4.0.0-alpha.1 through 4.0.0-alpha.3, which can be exploited by an attacker to cause a Denial of Service (DoS) attack...
Prototype Pollution
Overview: Affected versions of this package are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to...
@amedia/user (>=0.1.0 <=0.3.2), @aztec/alpha-sdk (=2.2.0) +61 more potentially affected by CVE-2022-21189 via dexie (>=3.0.0-rc.3 <=3.0.3)
dexie NPM version =3.0.0-rc.3, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.0.1-beta.1, =0.2.20, =0.14.37, =1.0.0, =2.2.0-alpha.3, =0.5.7, =0.5.7, =0.0.3, =0.0.3, =0.0.3, =0.0.6 and more Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...
@mdn/yari (>=0.14.3 <=0.14.14), @thomasrandolph/taproot (=0.48.3) +7 more potentially affected by CVE-2022-21189 via dexie (>=3.1.0-beta.12 <=3.2.1)
dexie NPM version =3.1.0-beta.12, =0.14.3, =1.293.0, =1.3.0-shadowmanager.3, =0.0.181, =1.0.4, =0.1.0, =0.1.0, =0.1.1, =0.1.8 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...
@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)
dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...