179 matches found
Prototype Pollution
Overview: jsonpointer is a package for simple JSON addressing. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC by NerdJS: const jsonpointer = require('jsonpointer'); jsonpointer.set({}, '/__proto__/polluted', true); console.log(polluted); Details: Prototype Pollution is a...
Prototype Pollution
Overview: gedi is an evented data API. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const gedi = require('gedi'); try { gedi.set('__proto__/polluted', true); } catch (e) {} console.log(polluted); Details: Prototype Pollution is a vulnerability affecting JavaScript...
Prototype Pollution
Overview: tiny-conf provides Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const tinyConf =...
Prototype Pollution
Overview: safetydance provides exception safety in Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const safetydance = require('safetydance'); safetydance.set({}, '__proto__.polluted', true); console.log(polluted); // true Details: Prototype Pollution is a...
Prototype Pollution
Overview: irrelon-path is a powerful JSON path processor. It allows you to drill into and manipulate JSON objects with a simple dot-delimited path format, e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC:...
Prototype Pollution
Overview: deeps is a set of highly performant utilities to manage deeply nested objects: get, set, merge, flatten, diff, etc. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const deeps = require('deeps'); deeps.set({}, '__proto__.polluted', true);...
Prototype Pollution
Overview: confucious is an app configuration management package. Kind of like nconf, but easier to use, predictable and more flexible. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const confucious = require('confucious'); confucious.set('__proto__:polluted',...
Prototype Pollution
Overview: bmoor is a basic foundation for other libraries, establishing useful patterns, and letting them be more. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const bmoor = require('bmoor'); bmoor.set({}, "__proto__.polluted", true);...
Prototype Pollution
kibana is vulnerable to prototype pollution. The vulnerability exists through improper use of lodash's set function in multiple locations, allowing Object.prototype to be overwritten...
Node.js third-party modules: [keyd] Prototype pollution
I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...
Prototype Pollution
sds is vulnerable to prototype pollution. An attacker can inject attributes that pollute the properties of Object.prototype by using the set function in js/set.js,...
Code injection
sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'...
Prototype Pollution
eivindfjeldstad-dot is vulnerable to prototype pollution. The vulnerability exists as the set function can be tricked into adding or modifying properties of Object.prototype...
Design/Logic Flaw
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
CVE-2020-7639
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
Prototype Pollution
Overview: sds is a structured data search package. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. PoC: var root = require("sds"); var...
Prototype Pollution
Overview: Versions of dot-prop before 4.2.1 or 5.1.1 are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: Upgrade to...
CVE-2013-2832
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors...
CVE-2013-2832
CVE-2013-2832 affects Google Chrome OS before 26.0.1410.57, specifically the O3D plug-in’s Buffer::Set in core/cross/buffer.cc, where uninitialized data could remain in a buffer and allow remote attackers to obtain sensitive information via unspecified vectors. The fix was delivered in Chrome OS ...