2 matches found
@bigfishtv/tank-form-ui (>=1.1.0 <=1.10.2), @dicdikshaorg/resource-library (=0.0.20) +68 more potentially affected by unknown CVE via fine-uploader (>=5.12.0 <=5.16.2)
fine-uploader NPM version =5.12.0, =1.1.0, =0.0.1, =0.0.7, =0.2.8, =0.3.1, =0.3.97, =0.3.100, =0.3.112, =0.3.80, =0.3.2, =0.3.2, =0.3.82, =0.3.80, =1.0.1-alpha.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-FINEUPLOADER-585902...
Prototype Pollution
Overview fine-uploader is a npm package for upload. Note: This project is no longer maintained and the the package should be considered deprecated. Affected versions of this package are vulnerable to Prototype Pollution. Given a value such as proto, this value is used by the extend function witho...