Lucene search
K

6 matches found

Veracode
Veracode
added 2023/05/08 2:35 a.m.13 views

Prototype Pollution

@aedart/support is vulnerable to Prototype Pollution. The vulnerability exists in the resolveMetadataRecord function of meta.ts when merged with a base class metadata object in the meta decoder, which allows an attacker to inject properties into existing prototypes via the MetadataRecord attribut...

3.7CVSS4.6AI score0.00482EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/05/01 2:1 p.m.16 views

GHSA-WWXH-74FX-33C6 Possible prototype pollution in metadata record, when using meta decorator

Impact Possible prototype pollution for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The likelihood is questionable, given that a class' metadata can only be set or altered when the class is decorated via meta. Furthermore...

3.7CVSS3.8AI score0.00482EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/05/01 2:1 p.m.17 views

Possible prototype pollution in metadata record, when using meta decorator

Impact Possible prototype pollution for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The likelihood is questionable, given that a class' metadata can only be set or altered when the class is decorated via meta. Furthermore...

3.7CVSS4.6AI score0.00482EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/04/28 9:15 p.m.21 views

Design/Logic Flaw

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version 0.6.1, there is a possible prototype pollution issue for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The...

2.6CVSS4AI score0.00482EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/28 12:0 a.m.4 views

PT-2023-23013 · Unknown · @Aedart/Support

Name of the Vulnerable Software and Affected Versions: @aedart/support versions prior to 0.6.1 Description: The issue concerns a possible prototype pollution for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The likelihood ...

3.7CVSS3.9AI score0.00482EPSS
Exploits0References9
GitLab Advisory Database
GitLab Advisory Database
added 2023/04/28 12:0 a.m.21 views

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version 0.6.1, there is a possible prototype pollution issue for the MetadataRecord, when merged with a base class' metadata object, in meta decorator from the @aedart/support package. The...

3.7CVSS6.6AI score0.00482EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder