9 matches found
EUVD-2021-1109
Malware in sbrugna...
node-oojs-tool (>=1.0.0 <=1.0.11), node-oojs-utility (>=1.0.5 <=1.2.11) +6 more potentially affected by CVE-2020-7721 via node-oojs (=1.4.0)
node-oojs NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-oojs and may be impacted: - node-oojs-tool =1.0.0, =1.0.5, =0.0.6, =0.1.0, =0.1.1, =0.1.0, =1.0.0, =1.0.5 Source cves: CVE-2020-7721 Source advisory: OSV:GHSA-J4RW-X3VG-C...
GHSA-J4RW-X3VG-C8R7 Prototype Pollution in node-oojs
All versions of package node-oojs up to and including version 1.4.0 are vulnerable to Prototype Pollution via the setPath function...
Prototype Pollution in node-oojs
All versions of package node-oojs up to and including version 1.4.0 are vulnerable to Prototype Pollution via the setPath function...
Prototype Pollution
node-oojs is vulnerable to prototype pollution. The vulnerability exists as the setPath function does not restrict proto headers to be set in objects...
CVE-2020-7721
CVE-2020-7721 affects node-oojs; vulnerable to Prototype Pollution via the setPath function. Affected: versions prior to 1.4.1 (up to 1.4.0 per advisories). Impact includes potential manipulation of Object.prototype, enabling outcomes like DoS or remote code execution in some scenarios. Remediati...
PT-2020-19742 · Npm · Node-Oojs
Name of the Vulnerable Software and Affected Versions: node-oojs versions prior to 1.4.1 Description: The issue concerns Prototype Pollution via the setPath function. This allows for potential manipulation of object properties, which could lead to various security issues. Recommendations: For...
Prototype Pollution
Overview node-oojs is an Object Oriented JavaScript Affected versions of this package are vulnerable to Prototype Pollution via the setPath function. POC: require'node-oojs'; oojs.setPath'proto.polluted':true; console.logpolluted; Details Prototype Pollution is a vulnerability affecting JavaScrip...
node-oojs-tool (>=1.0.0 <=1.0.11), node-oojs-utility (>=1.0.5 <=1.2.11) +6 more potentially affected by CVE-2020-7721 via node-oojs (=1.4.0)
node-oojs NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-oojs and may be impacted: - node-oojs-tool =1.0.0, =1.0.5, =0.0.6, =0.1.0, =0.1.1, =0.1.0, =1.0.0, =1.0.5 Source cves: CVE-2020-7721 Source advisory: SNYK:JS-NODEOOJS-598...