179 matches found
Prototype Pollution in tiny-conf
All versions of package tiny-conf up to and including version 1.1.0 are vulnerable to Prototype Pollution via the set function...
GHSA-JH2M-J8PP-55RC Prototype Pollution in gedi
All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in gedi
All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...
GHSA-FMRR-MX6J-H3H5 Prototype Pollution in confucious
All versions of package confucious up to and including version 0.0.12 are vulnerable to Prototype Pollution via the set function...
GHSA-RGFV-V3JH-7FFP Prototype Pollution in deeps
All versions of package deeps up to and including version 1.4.5 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in deeps
All versions of package deeps up to and including version 1.4.5 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
GHSA-J7CG-H9V9-6VQP Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
GHSA-VP77-FQQP-79J8 Prototype Pollution in decal
This affects all versions of package decal. The vulnerability is in the set function...
Prototype Pollution in decal
This affects all versions of package decal. The vulnerability is in the set function...
Arbitrary Code Execution
Overview: total.js is a framework for the Node.js platform, written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. It can be used to build web, desktop, service or IoT applications. Affected versions of this package are vulnerable to Arbitrary Code Execution via the U.set and...
Remote Code Execution
total.js is vulnerable to remote code execution. The vulnerability exists in the set function of utils.js, which does not validate a malicious parameter that is injected and executed by a malicious user...
GHSA-6CF8-QHQJ-VJQM Prototype pollution in total.js
There is a prototype pollution vulnerability in the package total.js before version 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impa...
CVE-2020-28449
This affects all versions of package decal. The vulnerability is in the set function...
Design/Logic Flaw
This affects all versions of package decal. The vulnerability is in the set function...
CVE-2020-28449
CVE-2020-28449 corresponds to a prototype pollution vulnerability in the JavaScript package decal, with the issue located in the set function. Affected software is decal (all versions), and exploitation involves injecting properties into Object.prototype (e.g., via __proto__ or path-based definitions...
Shinuza Decimal-js Security Vulnerability
Shinuza Decimal-js is a JavaScript-based codebase used to provide decimal calculations for Node applications by Shinuza Individual Developers. A security vulnerability exists in Shinuza Decimal-js, which stems from the set function...
CVE-2020-28495
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some case...
Prototype Pollution
Overview: Affected versions of this package are vulnerable to Prototype Pollution. The vulnerability is in the set function. PoC: const decal = require('decal'); console.log('Before:', {}.polluted); decal.set({}, "__proto__.polluted", "1337"); console.log('After:', {}.polluted); Details: Prototype Pollution is a...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...