97 matches found

Prion
added 2021/02/04 3:15 p.m., 13 views

Design/Logic Flaw

This affects all versions of package decal. The vulnerability is in the extend function...

CVSS 7.5, AI score 8.6, EPSS 0.004
Exploits 1, References 3

CVE
added 2021/02/04 2:40 p.m., 34 views

CVE-2020-28450

CVE-2020-28450 concerns the package decal and stems from the vulnerable extend function, enabling prototype pollution across all versions. Multiple connected advisories (GHSA-J32X-J8PJ-PG2H; OSV GHSA-J32X-J8PJ-PG2H; SNYK-JS-DECAL-1051028; Veracode) describe the risk of injecting properties into O...

CVSS 8.6, AI score 8.6, EPSS 0.004
Exploits 1, References 3, Affected Software 1

CNNVD
added 2021/02/04 12:0 a.m., 3 views

Shinuza Decimal-js Security Vulnerability

Shinuza Decimal-js is a Javascript-based codebase used to provide decimal calculations for Node applications by Shinuza Individual Developers. A security vulnerability exists in Shinuza Decimal-js, which stems from the extend function...

CVSS 8.6, AI score 7.3, EPSS 0.004
Exploits 1, References 4

Snyk
added 2020/12/14 8:5 p.m., 3 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. The vulnerability is in the extend function. PoC const decal = require'decal'; console.log'Before:', .polluted; const o = JSON.parse'"proto":"polluted":"1"'; decal.extend, true, o; console.log'After:', .polluted;...

CVSS 8.6, AI score 8.6, EPSS 0.004
Exploits 1, References 2

RedHat Linux
added 2020/11/04 1:39 a.m., 3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1, AI score 6.5, EPSS 0.01532
Exploits 4, References 6

RedHat Linux
added 2020/11/04 1:31 a.m., 0 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1, AI score 6.5, EPSS 0.01532
Exploits 4, References 6

OSV
added 2020/09/03 3:51 p.m., 14 views

GHSA-6PQ3-928Q-X6W6 Prototype Pollution

All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...

CVSS 9.8, AI score 9.4, EPSS 0.01115
Exploits 1, References 3

Github Security Blog
added 2020/09/03 3:51 p.m., 27 views

Prototype Pollution

All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...

CVSS 9.8, AI score 5.7, EPSS 0.01115
Exploits 1, References 4, Affected Software 1

Snyk
added 2020/07/19 1:3 p.m., 1 views

Prototype Pollution

Overview fine-uploader is a npm package for upload. Note: This project is no longer maintained and the package should be considered deprecated. Affected versions of this package are vulnerable to Prototype Pollution. Given a value such as proto, this value is used by the extend function witho...

CVSS 4.8, AI score 6.8
Exploits 0, References 2

OSV
added 2020/06/10 4:15 p.m., 1 views

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...

CVSS 9.8, AI score 7.4
Exploits 0, References 1

Prion
added 2020/06/10 4:15 p.m., 11 views

Remote code execution

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...

CVSS 7.5, AI score 9.6, EPSS 0.01201
Exploits 1, References 1, Affected Software 1

Cvelist
added 2020/06/10 3:36 p.m., 9 views

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution...

AI score 9.7, EPSS 0.01201
Exploits 1, References 1

Snyk
added 2020/06/05 3:16 p.m., 1 views

Arbitrary Code Execution

Overview node-extend is an extend for node.js. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution. PoC var...

CVSS 9.8, AI score 7.2, EPSS 0.01201
Exploits 1, References 2

Node.js
added 2020/04/06 6:13 p.m., 29 views

Prototype Pollution

Overview All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently...

CVSS 7.5, AI score 3.6, EPSS 0.01115
Exploits 1, Affected Software 1

RedHat Linux
added 2019/10/10 3:38 p.m., 1 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1, AI score 6.5, EPSS 0.01532
Exploits 4, References 6

RedHat Linux
added 2019/09/05 5:26 a.m., 6 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1, AI score 6.5, EPSS 0.01532
Exploits 4, References 6

Snyk
added 2019/03/26 8:40 a.m., 1 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. The extend function can be tricked into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that wi...

CVSS 6.1, AI score 8.1, EPSS 0.01532
Exploits 4, References 3