
49 matches found

Snyk
added 2026/06/18 1:5 p.m., 6 views

Prototype Pollution

Overview jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Prototype Pollution via the Jodit.modules.Helpers.set function. An attacker can inject unexpected properties into Object.prototype by supplying a crafted chain...

CVSS 6.9, AI score 6.5, EPSS 0.00315
Exploits 0, References 2

Snyk
added 2026/04/04 6:17 a.m., 2 views

Prototype Pollution

Overview defu is a Recursively assign default properties. Lightweight and Fast! Affected versions of this package are vulnerable to Prototype Pollution via the defu function. An attacker can override default configuration values by supplying crafted input containing a __proto__ key, which results in...

CVSS 8.7, AI score 6.4, EPSS 0.00398
Exploits 0, References 2

Snyk
added 2026/03/31 11:2 p.m., 3 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...

CVSS 7.9, AI score 6.4, EPSS 0.01535
Exploits 0, References 2

Snyk
added 2026/02/19 8:29 p.m., 2 views

Prototype Pollution

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the uneval method. An attacker can manipulate object prototypes by supplying...

CVSS 4.4, AI score 6.6
Exploits 0, References 2

Snyk
added 2026/02/10 4:58 p.m., 4 views

Prototype Pollution

Overview @casl/ability is a CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access Affected versions of this package are vulnerable to Prototype Pollution via the rulesToFields which handles object properties. An attacker can inject...

CVSS 9.8, AI score 6.5, EPSS 0.00624
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 3 views

Prototype Pollution

Overview messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing nested message key...

CVSS 7.5, AI score 8.1, EPSS 0.00372
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 5 views

Prototype Pollution

Overview csvjson is a convert csv to json and json to csv Affected versions of this package are vulnerable to Prototype Pollution via the toCsv function. An attacker can cause a denial of service by injecting properties into Object.prototype through a crafted payload. Details Prototype Pollution ...

CVSS 8.7, AI score 8.1, EPSS 0.00365
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 2 views

Prototype Pollution

Overview org.webjars.npm:rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are...

CVSS 7.5, AI score 6.6, EPSS 0.00365
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 3 views

Prototype Pollution

Overview sassdoc-extras is a SassDoc's Toolbelt Affected versions of this package are vulnerable to Prototype Pollution via the byGroupAndType function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or...

CVSS 7.5, AI score 8.2, EPSS 0.00386
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 3 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or denial of service. Details Prototype...

CVSS 7.5, AI score 8.2, EPSS 0.00365
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 3 views

Prototype Pollution

Overview rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are vulnerable to Prototyp...

CVSS 7.5, AI score 7.8, EPSS 0.00365
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 6 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially leading to application instability or service disruption. Details Prototy...

CVSS 7.5, AI score 6.7, EPSS 0.00365
Exploits 0, References 2

Snyk
added 2025/09/24 9:30 p.m., 6 views

Prototype Pollution

Overview mpregular is a Affected versions of this package are vulnerable to Prototype Pollution via the mp.addEventHandler function. An attacker can cause application instability or crash by injecting malicious properties into Object.prototype through a specially crafted payload. Details Prototyp...

CVSS 8.7, AI score 8.1, EPSS 0.00386
Exploits 0, References 2

Snyk
added 2025/05/25 3:53 p.m., 6 views

Prototype Pollution

Overview docarray is a The data structure for multimodal data Affected versions of this package are vulnerable to Prototype Pollution due to a lack of sanitization of unauthorized internal object in the getitem method. An attacker can manipulate object prototype attributes by sending a crafted...

CVSS 8.8, AI score 8, EPSS 0.00563
Exploits 1, References 2

Snyk
added 2023/04/10 11:41 a.m., 5 views

Prototype Pollution

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Prototype Pollution via the config function, due to improper sanitization of its parameter content. Note: This advisory is revoked as a duplicate of CVE-2024-38999. PoC js var requirejs=...

CVSS 10, AI score 7.3, EPSS 0.00749
Exploits 0, References 2

Snyk
added 2023/03/26 12:36 p.m., 7 views

Prototype Pollution

Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. PoC js var safeEval = require'safe-eval' let code = function Error.prepareStackTrace = , c = c.ma...

CVSS 10, AI score 9, EPSS 0.01111
Exploits 1, References 2

Snyk
added 2022/02/15 2:56 p.m., 6 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via object-extend. PoC js const extend = require"object-extend"; const payload = JSON.parse'"proto":"isAdmin":"yes"'; extend, payload; const obj = "a":1; console.logobj.isAdmin // print yes on arbitrary objects since...

CVSS 9.8, AI score 9.2, EPSS 0.01357
Exploits 1, References 2

Snyk
added 2022/02/02 1:2 p.m., 4 views

Prototype Pollution

Overview putil-merge is a Lightweight solution for merging multiple objects into one. Also it supports deep merge. Affected versions of this package are vulnerable to Prototype Pollution. The merge function does not check the values passed into the argument. An attacker can supply a malicious val...

CVSS 9.8, AI score 9, EPSS 0.01266
Exploits 1, References 2

Snyk
added 2022/01/30 10:56 a.m., 4 views

Denial of Service (DoS)

Overview bignum is an Arbitrary precision integral arithmetic for Node.js using OpenSSL. This library is based on node-bigint by substack, but instead of using libgmp, it uses the builtin bignum functionality provided by OpenSSL. The advantage is that OpenSSL is already part of Node.js, so this...

CVSS 7.5, AI score 7.9, EPSS 0.0141
Exploits 1, References 2

Snyk
added 2022/01/30 10:8 a.m., 3 views

Prototype Pollution

Overview set-in is a set value of nested associative structure given array of keys Affected versions of this package are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of...

CVSS 9.8, AI score 9, EPSS 0.03878
Exploits 2, References 2