97 matches found
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
Prototype Pollution
Overview: collection.js is a minimalistic JavaScript library for working with collections of data. Affected versions of this package are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. PoC (javascript): var collection = require("collection.js")...
Prototype Pollution
Overview: progressbar.js provides responsive and slick progress bars with animated SVG paths. Affected versions of this package are vulnerable to Prototype Pollution via the function extend in the file utils.js. PoC (js): var progressbar = require("progressbar.js") BADJSON = JSON.parse('{"__proto__":{"test":123}}');...
Prototype Pollution
Overview: rangy is a cross-browser DOM range and selection library. Affected versions of this package are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototy...
GHSA-VWHQ-PM3R-FJM9 steal vulnerable to Prototype Pollution via key variable in babel.js
Prototype pollution vulnerability in function extend in babel.js in stealjs steal via the key variable in babel.js...
CVE-2022-37266
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js...
PT-2022-23906 · Stealjs · Stealjs
Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4. Description: The issue is related to a prototype pollution vulnerability in the extend function in babel.js within stealjs steal. This vulnerability is exploited via the key variable in babel.js. Recommendations: F...
GHSA-GJM5-83CW-P3P2 Prototype Pollution in extend2
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge...
Prototype Pollution
extend2 is vulnerable to prototype pollution. The vulnerability exists in the extend function of index.js as it allows an attacker to pass the value __proto__ through the name variable...
Code injection
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge...
Out of bounds write in stackvector
StackVec::extend used the lower and upper bounds from an Iterator's size_hint to determine how many items to push into the stack based vector. If the size_hint implementation returned a lower bound that was larger than the upper bound, StackVec would write out of bounds and overwrite memory on the...
GHSA-CG42-4WRC-GP47 Code Injection in node-extend
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...
GHSA-J32X-J8PJ-PG2H Prototype Pollution in decal
This affects all versions of package decal. The vulnerability is in the extend function...
Prototype Pollution in decal
This affects all versions of package decal. The vulnerability is in the extend function...
Prototype Pollution
decal is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the extend function...
CVE-2020-28450
This affects all versions of package decal. The vulnerability is in the extend function...