12 matches found

GitHub Security Blog
added 2021/05/06 6:12 p.m., 43 views

Prototype Pollution in dot-notes

All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...

9.8 CVSS, 9 AI score, 0.0041 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/05/06 6:12 p.m., 12 views

GHSA-QR4M-JCVC-3382 Prototype Pollution in dot-notes

All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 2

vulnersOsv
added 2021/05/06 6:12 p.m., 2 views

@decentverse/server (>=0.0.1 <=0.0.148), @swapscanner/truffle-hdwallet-provider-klaytn (=1.4.2) +18 more potentially affected by CVE-2020-7717 via dot-notes (>=1.1.1 <=3.1.1)

dot-notes NPM version =1.1.1, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =1.4.0, =1.0.0, =1.6.4, =0.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.1 and more Source cves: CVE-2020-7717 Source advisory: OSV:GHSA-QR4M-JCVC-3382...

9.8 CVSS, 7.2 AI score, 0.0041 EPSS
Exploits: 1

Huntr
added 2020/09/08 12:0 a.m., 11 views

Prototype Pollution in whitfin/dot-notes-js

Overview: dot-notes is a Two way conversions between objects and dot/bracket notation. This package is vulnerable to Prototype Pollution via the create function. Proof of Concept: const dots = require('dot-notes'); dots.create({}, '__proto__.polluted', true); console.log(polluted);...

4.9 AI score
Exploits: 0

Veracode
added 2020/09/02 6:23 a.m., 17 views

Prototype Pollution

dot-notes is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

9.8 CVSS, 3.5 AI score, 0.0041 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2020/09/01 10:15 a.m., 14 views

CVE-2020-7717

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...

9.8 CVSS, 9.6 AI score, 0.0041 EPSS
Exploits: 1, References: 1

Prion
added 2020/09/01 10:15 a.m., 9 views

Information disclosure

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...

7.5 CVSS, 9.4 AI score, 0.0041 EPSS
Exploits: 1, References: 1

Cvelist
added 2020/09/01 9:25 a.m., 14 views

CVE-2020-7717 Prototype Pollution

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...

9.8 CVSS, 9.6 AI score, 0.0041 EPSS
Exploits: 1, References: 1

CVE
added 2020/09/01 9:25 a.m., 51 views

CVE-2020-7717

CVE-2020-7717 affects the npm package dot-notes. The connected documents clearly describe a prototype pollution flaw in the create function, enabling an attacker to inject properties into object prototypes. The scope covers versions prior to 3.2.1, with remediation recommending an update to 3.2.1...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2020/09/01 12:0 a.m., 2 views

PT-2020-19739 · Dot-Notes · Dot-Notes

Name of the Vulnerable Software and Affected Versions: dot-notes versions prior to 3.2.1 Description: The issue concerns Prototype Pollution via the create function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 3.2.1, update to version 3.2.1 ...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 3

vulnersOsv
added 2020/08/14 9:40 a.m., 1 views

@decentverse/server (>=0.0.1 <=0.0.148), @swapscanner/truffle-hdwallet-provider-klaytn (=1.4.2) +18 more potentially affected by CVE-2020-7717 via dot-notes (=3.1.1)

dot-notes NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on dot-notes and may be impacted: - @decentverse/server =0.0.1, =1.0.0, =1.0.0, =1.0.1, =1.4.0, =1.0.0, =1.6.4, =0.0.1, =1.0.0, =0.0.1, =0.1.1 and more Source cves: CVE-2020-7717...

9.8 CVSS, 7.2 AI score, 0.0041 EPSS
Exploits: 1

Snyk
added 2020/08/14 9:40 a.m., 3 views

Prototype Pollution

Overview: dot-notes is a Two way conversions between objects and dot/bracket notation. Affected versions of this package are vulnerable to Prototype Pollution via the create function. POC: const dots = require('dot-notes'); dots.create({}, '__proto__.polluted', true); console.log(polluted); Details: Prototype...

9.8 CVSS, 9 AI score, 0.0041 EPSS
Exploits: 1, References: 2