_safeMint Will Fail Due To An Edge Case In Calculating tokenId Using The _generateNewTokenId Function

Handle leastwood Vulnerability details Impact NFTs are used to represent unique positions referenced by the generated tokenId. The tokenId value contains the position's score in the upper 128 bits and the index wrt. the token supply in the lower 128 bits. When positions are unlocked after expirin...

GHSA-VPF5-82C8-9V36 Prototype Pollution in algoliasearch-helper

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

Prototype Pollution in algoliasearch-helper

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

CVE-2021-23433

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

Design/Logic Flaw

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

CVE-2021-23433

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

Prototype Pollution

Overview merge-deep2 is a Recursively merge values in a javascript object. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function. PoC // Create the following PoC file: // PoC.js var mergeDeep2 = require"merge-deep2" var obj = var maliciouspayload =...

PT-2021-22477 · Apache · Apache Echarts

Name of the Vulnerable Software and Affected Versions: ZRender versions prior to 5.2.1 Apache ECharts versions prior to 5.2.1 Description: The issue results in prototype pollution when using merge and clone helper methods in the src/core/util.ts module. It affects Apache ECharts, which uses and...

UBUNTU-CVE-2021-39253

A crafted NTFS image can cause an out-of-bounds read in ntfsrunlistsmergei in NTFS-3G 2021.8.22...

GHSA-58G2-9FQR-36Q2 Prototype Pollution in Proto

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

Prototype Pollution in Proto

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

Prototype Pollution

Proto is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the merge function...

CVE-2021-23426

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

Design/Logic Flaw

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

CVE-2021-23426

Proto is vulnerable to prototype pollution via the merge function across all versions. The root cause is an unsafe recursive merge (and related path-based pollution) that can inject properties into Object.prototype (proto , constructor, prototype). Potential impact includes DoS and possible remot...

CVE-2021-23426 Prototype Pollution

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

CVE-2021-23426

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function...

Prototype Pollution

Overview Proto is an An extensible program-code-template for creating objects Affected versions of this package are vulnerable to Prototype Pollution. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function. PoC var proto = require'Proto...

Unspecified vulnerability in ts-nodash

ts-nodash is a tool that provides object manipulation. A security vulnerability exists in ts-nodash that stems from a lack of validated input, and all versions of package -nodash are vulnerable to prototype contamination via the Merge function. No detailed vulnerability details are provided at th...

CVE-2021-23403

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...