163 matches found

CNVD
added 2021/08/10 12:0 a.m. · 14 views

Unspecified vulnerability in node-open-graph

node-open-graph is an open source Node.js implementation of Open Graph. node-open-graph versions prior to 0.2.6 have a security vulnerability that an attacker could exploit with a __proto__ or constructor payload to trick the parse function into adding or modifying properties of Object.prototype...

CVSS 9.8 · AI score 4.8 · EPSS 0.00432
Exploits 1 · References 1
NVD
added 2021/08/08 8:15 a.m. · 8 views

CVE-2021-23419

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 9.8 · EPSS 0.00432
Exploits 1 · References 2
OSV
added 2021/08/08 8:15 a.m. · 12 views

CVE-2021-23419

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 2
Prion
added 2021/08/08 8:15 a.m. · 15 views

Design/Logic Flaw

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 5 · AI score 9.4 · EPSS 0.00432
Exploits 1 · References 2 · Affected Software 1
CVE
added 2021/08/08 7:30 a.m. · 75 views

CVE-2021-23419

Open-Graph (node-open-graph) prior to 0.2.6 is vulnerable to prototype pollution via the parse function, which can be tricked into adding or modifying properties on Object.prototype using a __proto__ or constructor payload. This can lead to unintended behavior or security issues. Remediation: upgrade...

CVSS 9.8 · AI score 7.2 · EPSS 0.00432
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2021/08/08 7:30 a.m. · 11 views

CVE-2021-23419 Prototype Pollution

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 7.3 · AI score 9.7 · EPSS 0.00432
Exploits 1 · References 2
ATTACKERKB
added 2021/08/08 7:26 a.m. · 3 views

CVE-2021-23419

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 9.8 · AI score 5.3 · EPSS 0.00432
Exploits 1 · References 3
CNNVD
added 2021/08/08 12:0 a.m. · 3 views

node-open-graph security vulnerability

node-open-graph is an open source Node.js implementation of Open Graph. node-open-graph versions prior to 0.2.6 have a security vulnerability that an attacker could exploit with a __proto__ or constructor payload to trick the parse function into adding or modifying properties of Object.prototype...

CVSS 9.8 · AI score 5.7 · EPSS 0.00432
Exploits 1 · References 2
Positive Technologies
added 2021/08/08 12:0 a.m. · 4 views

PT-2021-15507 · Unknown · Open-Graph

Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6
Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. This could potentially lead to unintended...

CVSS 9.8 · AI score 9.4 · EPSS 0.00432
Exploits 1 · References 8
vulnersOsv
added 2021/08/05 12:7 p.m. · 2 views

silverscreen (>=0.1.0 <=0.1.2) potentially affected by CVE-2021-23419 via open-graph (=0.1.7)

open-graph NPM version =0.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on open-graph and may be impacted:
- silverscreen =0.1.0, =0.1.2
Source cves: CVE-2021-23419
Source advisory: SNYK:JS-OPENGRAPH-1536747...

CVSS 9.8 · AI score 7.2 · EPSS 0.00432
Exploits 1
Snyk
added 2021/08/05 12:7 p.m. · 3 views

Prototype Pollution

Overview
open-graph is an Open Graph implementation for Node.js. Affected versions of this package are vulnerable to Prototype Pollution. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.
PoC by Snyk
// server.js cons...

CVSS 9.8 · AI score 9 · EPSS 0.00432
Exploits 1 · References 2
OSV
added 2021/05/19 8:15 p.m. · 7 views

CVE-2021-29503

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 3
Prion
added 2021/05/19 8:15 p.m. · 11 views

Cross site scripting

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 4.3 · AI score 5.9 · EPSS 0.02049
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2021/05/19 7:55 p.m. · 11 views

CVE-2021-29503 Improper Neutralization of Script-Related HTML Tags in Notes

HedgeDoc is a platform to write and share markdown. HedgeDoc before version 1.8.2 is vulnerable to a cross-site scripting attack using the YAML-metadata of a note. An attacker with write access to a note can embed HTML tags in the Open Graph metadata section of the note, resulting in the frontend...

CVSS 8.1 · AI score 7.8 · EPSS 0.02049
Exploits 0 · References 3
CNVD
added 2020/06/22 12:0 a.m. · 1 views

Mattermost Server Resource Management Error Vulnerability (CNVD-2020-41488)

Mattermost Server is an open source messaging platform from the US company Mattermost. A resource management error vulnerability exists in Mattermost Server. An attacker could exploit this vulnerability to cause a denial of service (memory consumption) via OpenGraph...

CVSS 7.5 · AI score 6.6 · EPSS 0.00389
Exploits 0 · References 1
OSV
added 2019/07/05 2:15 p.m. · 0 views

CVE-2019-5960

Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 1
Prion
added 2019/07/05 2:15 p.m. · 13 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 6.8 · AI score 8.8 · EPSS 0.00166
Exploits 0 · References 1 · Affected Software 1
CVE
added 2019/07/05 1:18 p.m. · 171 views

CVE-2019-5960

CVE-2019-5960 concerns the WordPress plugin WP Open Graph. The set of connected sources confirms a CSRF vulnerability in WP Open Graph version 1.6.1 and earlier that can allow an attacker to perform unauthorized actions on behalf of an administrator when a logged-in user views a malicious page. T...

CVSS 8.8 · AI score 8.8 · EPSS 0.00166
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2019/07/05 1:18 p.m. · 12 views

CVE-2019-5960

Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...

AI score 8.9 · EPSS 0.00166
Exploits 0 · References 1
Japan Vulnerability Notes
added 2019/05/23 5:10 a.m. · 1 views

WordPress plugin "WP Open Graph" vulnerable to cross-site request forgery

Overview
WordPress plugin "WP Open Graph" provided by Custom4Web contains a cross-site request forgery vulnerability (CWE-352). Koichi Kuriyama of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University directly reported this vulnerability to the...

CVSS 8.8 · AI score 6.5 · EPSS 0.00166
Exploits 0 · References 5