Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution in the code generation. An attacker who has achieved prototype pollution by a different exploit can execute arbitrary JavaScript code by polluting...

Prototype Pollution

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the uneval method. An attacker can manipulate object prototypes by supplying...

Prototype Pollution

Overview set-in is a set value of nested associative structure given array of keys Affected versions of this package are vulnerable to Prototype Pollution via the set-in function. An attacker can modify the prototype of built-in objects by supplying crafted input that leverages Array.prototype,...

Prototype Pollution

Overview @casl/ability is a CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access Affected versions of this package are vulnerable to Prototype Pollution via the rulesToFields which handles object properties. An attacker can inject...

Prototype Pollution

Overview org.webjars.npm:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes b...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details Prototype Pollution is a vulnerability affecting JavaScript...

Prototype Pollution

Overview parse is a library that gives you access to the powerful Parse Server backend from your JavaScript app. Affected versions of this package are vulnerable to Prototype Pollution which allows an attacker to execute arbitrary code remotely by injecting a malicious payload into affected APIs,...

EUVD-2018-0511

Malware in sbrugna...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or denial of service. Details Prototype...

Prototype Pollution

Overview sassdoc-extras is a SassDoc's Toolbelt Affected versions of this package are vulnerable to Prototype Pollution via the byGroupAndType function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or...

Prototype Pollution

Overview org.webjars.npm:rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are...

Prototype Pollution

Overview csvjson is a convert csv to json and json to csv Affected versions of this package are vulnerable to Prototype Pollution via the toCsv function. An attacker can cause a denial of service by injecting properties into Object.prototype through a crafted payload. Details Prototype Pollution ...

Prototype Pollution

Overview messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing nested message key...

Prototype Pollution

Overview rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are vulnerable to Prototyp...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially leading to application instability or service disruption. Details Prototy...

Prototype Pollution

Overview content-security-policy-parser is a Parse Content Security Policy directives. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate the Object prototype by supplying a crafted policy name in HTTP queries, potentially...

Prototype Pollution

Overview org.webjars.npm:linkifyjs is a Find URLs, email addresses, hashtags and @mentions in plain-text strings, then convert them into HTML links. Affected versions of this package are vulnerable to Prototype Pollution via the internal assign helper due to improper filtering of the proto...

Prototype Pollution

Overview org.webjars.npm:parse-git-config is a Parse .git/config into a JavaScript object. sync or async. Affected versions of this package are vulnerable to Prototype Pollution via the expandKeys function. An attacker can obtain sensitive information by exploiting the improper handling of key...

Prototype Pollution

Overview org.webjars.bowergithub.kartik-v:php-date-formatter is an A Javascript datetime formatting and manipulation library using PHP date-time formats. Affected versions of this package are vulnerable to Prototype Pollution in php-date-formatter.js. Details Prototype Pollution is a vulnerabilit...

Prototype Pollution

Overview org.webjars.bower:php-date-formatter is an A Javascript datetime formatting and manipulation library using PHP date-time formats. Affected versions of this package are vulnerable to Prototype Pollution in php-date-formatter.js. Details Prototype Pollution is a vulnerability affecting...