127 matches found
Input validation
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...
CVE-2021-23403 Prototype Pollution
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...
CVE-2021-23403
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...
ts-nodash Security Vulnerability
ts-nodash is a tool that provides object manipulation. A security vulnerability exists in ts-nodash that stems from a lack of validated input, and all versions of package ts-nodash are vulnerable to prototype contamination via the Merge function. No detailed vulnerability details are provided at th...
GHSA-3R8W-MPHV-2F3F Prototype Pollution in lutils
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
CVE-2021-23396
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
Prototype Pollution
Overview ts-nodash provides object manipulation tools. Affected versions of this package are vulnerable to Prototype Pollution via the Merge function due to lack of validation input. PoC const nodash = require("ts-nodash"); let obj = {}; console.log("Before being polluted: " + obj.polluted); var...
PT-2021-15489 · Lutils · Lutils
Name of the Vulnerable Software and Affected Versions: lutils versions prior to a fixed version Description: The issue concerns Prototype Pollution via the main merge function. This allows for potential manipulation of the prototype, which can lead to various security issues. Recommendations: For...
Prototype Pollution
merge-deep is vulnerable to prototype pollution. The vulnerability exists as it is possible to overwrite Object.prototype with arbitrary object properties in the merge function...
PT-2021-17969 · Npm · Node.Js Mixme
Name of the Vulnerable Software and Affected Versions: Node.js mixme versions prior to 0.5.1 Description: The issue allows an attacker to add or alter properties of an object via __proto__ through the mutate and merge functions. The polluted attribute will be directly assigned to every object in the...
Prototype Pollution
merge is vulnerable to prototype pollution. The function recursiveMerge allows for an injection of arbitrary properties into existing construct prototypes and modification of attributes such as __proto__, constructor and prototype...
Prototype Pollution
Amendment This was deemed not a vulnerability. Overview highcharts is a JavaScript charting library based on SVG, with fallbacks to VML and canvas for old browsers. Affected versions of this package are vulnerable to Prototype Pollution via the merge function. The function recursively merges the...
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
Prototype Pollution
merge is vulnerable to prototype pollution. A bypass of the fix for CVE-2018-16469 exists and allows arbitrary properties of the Object prototype to be added or modified via JSON.parse...
Prototype Pollution
Overview @uifabric/utilities is a package that includes a number of basic utility functions required by most Fluent UI React components. Affected versions of this package are vulnerable to Prototype Pollution. The merge function available within the utilities package of FabricUI allows one object...
Node.js third-party modules: [objtools] Prototype pollution
I would like to report a prototype pollution vulnerability in objtools module. It allows an attacker to inject properties on Object.prototype. Module module name: objtools version: 2.0.1 npm page: https://www.npmjs.com/package/objtools Module Description objtools provides several utility function...
CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
Prototype Pollution
angularjs is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype by using a malicious __proto__ object in the merge function, resulting in possible execution of arbitrary code...