9 matches found
EUVD-2021-1494
Malware in sbrugna...
CVE-2021-32736
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
@lx-frontend/theme-preview (=0.0.1), file-sort-rename (=1.0.1) +21 more potentially affected by CVE-2021-32736 via think-helper (=1.0.23)
think-helper NPM version =1.0.23 is affected by a known vulnerability. The following packages have a transitive dependency on think-helper and may be impacted: - @lx-frontend/theme-preview =0.0.1 - file-sort-rename =1.0.1 - ntt-redis =1.0.0, =1.0.1, =1.0.1, =1.0.0, =1.0.1, =1.0.3, =1.0.2, =1.0.1,...
Prototype Pollution in think-helper
Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-helper should...
CVE-2021-32736
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
CVE-2021-32736
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
CVE-2021-32736 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes...
CVE-2021-32736
CVE-2021-32736 concerns prototype pollution in the ThinkJS helper package: think-helper versions prior to 1.1.3 accept input that can modify attributes of the object prototype, leading to potential pollution. The issue is caused by upstream input influencing initialization/update of object attrib...
ThinkJS 代码问题漏洞
ThinkJS is a Javascript-based and ES2015-enabled codebase for developing Node applications organized by ThinkJS. A code issue vulnerability exists in ThinkJS's think-helper, which stems from the component accepting input from upper-level groups for object initialization and modification without...