Lucene search
K

22 matches found

Snyk
Snyk
added 2026/05/12 3:1 p.m.14 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution in the process of copying enumerable properties from a user-supplied object to a generated message instance without filtering the proto property. An attacker can alter the prototype of individual message instances by...

7.5CVSS6.4AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/04 6:17 a.m.6 views

Prototype Pollution

Overview org.webjars.npm:defu is a Recursively assign default properties. Lightweight and Fast! Affected versions of this package are vulnerable to Prototype Pollution via the defu function. An attacker can override default configuration values by supplying crafted input containing a proto key,...

8.7CVSS6.4AI score0.00398EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/04 9:28 p.m.4 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution in the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject functions. An attacker can inject arbitrary properties into object prototypes by supplying crafted input containing special keys, potentially leading...

9.8CVSS6.3AI score0.00978EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/23 8:31 p.m.6 views

Prototype Pollution

Overview rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are vulnerable to Prototyp...

8.2CVSS8.2AI score0.00358EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/24 9:30 p.m.5 views

Prototype Pollution

Overview ts-fns is a Public Functions. Affected versions of this package are vulnerable to Prototype Pollution via the assign function. An attacker can inject arbitrary properties into the global object's prototype by supplying crafted keys, which may result in application crashes, unexpected cod...

6.9CVSS8.2AI score0.004EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/18 1:2 p.m.4 views

Prototype Pollution

Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access prototype, proto, constructor, and assig...

9.8CVSS8.1AI score0.00422EPSS
Exploits1References2
Snyk
Snyk
added 2024/04/03 5:3 p.m.5 views

Prototype Poisoning

Overview mysql2 is a mostly API compatible with mysqljs and supports majority of features. Affected versions of this package are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and...

6.5CVSS7.2AI score0.00962EPSS
Exploits1References2
Snyk
Snyk
added 2024/03/14 1:3 p.m.6 views

Cross-site Scripting (XSS)

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and...

6.1CVSS7AI score0.00516EPSS
Exploits1References2
Snyk
Snyk
added 2023/02/19 4:13 p.m.9 views

Prototype Pollution

Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Prototype Pollution due to improper argument validation, which is exploitable via the aName variable. PoC js const XMLParser, XMLBuilder, XMLValidator...

6.5CVSS7.5AI score0.01152EPSS
Exploits1References2
Snyk
Snyk
added 2023/02/12 10:39 a.m.3 views

Prototype Pollution

Overview algoliasearch-helper is a Helper for implementing advanced search features with algolia Affected versions of this package are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the...

9.8CVSS8.9AI score0.01561EPSS
Exploits2References2
Snyk
Snyk
added 2022/01/27 3:0 p.m.4 views

Sandbox Bypass

Overview Affected versions of this package are vulnerable to Sandbox Bypass. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. Note: This vulnerability derives...

6.5CVSS7.2AI score0.00997EPSS
Exploits1References3
Snyk
Snyk
added 2022/01/18 3:29 p.m.4 views

Prototype Pollution

Overview keyget is an Is nested object manipulation kit. It can find, get, set, push or call nested properties. Note: The package is deprecated due to prototype pollution vulnerability. Affected versions of this package are vulnerable to Prototype Pollution via the methods set, push, and at which...

9.8CVSS8.9AI score0.03257EPSS
Exploits2References2
Snyk
Snyk
added 2021/12/06 11:55 a.m.5 views

Sandbox Bypass

Overview realms-shim is a shim implementation of the Realm API Proposal. Affected versions of this package are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. PoC javascript import Realm from 'realms-shim' let realm = Realm.makeRootRealm; realm.evaluate function test try tes...

9.8CVSS9AI score0.01762EPSS
Exploits1References3
Snyk
Snyk
added 2021/08/31 5:19 p.m.5 views

Prototype Pollution

Overview jsonpointer is a Simple JSON Addressing. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. PoC const jsonpointer = require'jsonpointer'...

9.8CVSS9AI score0.02539EPSS
Exploits1References2
Snyk
Snyk
added 2021/01/29 11:22 a.m.5 views

Prototype Pollution

Overview total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Prototype Pollution. The set function can be...

7.5CVSS8.1AI score0.03634EPSS
Exploits1References2
Snyk
Snyk
added 2020/10/09 3:36 p.m.5 views

Prototype Pollution

Overview json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. Affected versions of this package are vulnerable to Prototype Pollution. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/srcpointer.jsonpointer.htmlset when the...

9.8CVSS9AI score0.01879EPSS
Exploits1References2
Snyk
Snyk
added 2020/08/14 4:18 p.m.16 views

Prototype Pollution

Overview safetydance is an Exception safety in node.js Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const safetydance = require'safetydance'; safetydance.set, 'proto.polluted', true; console.logpolluted; //true Details Prototype Pollution is a...

9.8CVSS9AI score0.01355EPSS
Exploits1References2
Snyk
Snyk
added 2020/08/14 10:24 a.m.4 views

Prototype Pollution

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing...

9.8CVSS8.2AI score0.03162EPSS
Exploits1References2
Snyk
Snyk
added 2020/08/14 9:47 a.m.4 views

Prototype Pollution

Overview grpc is a gRPC Library for Node Affected versions of this package are vulnerable to Prototype Pollution via loadPackageDefinition. POC: const loadPackageDefinition = require'grpc'; loadPackageDefinition'proto.polluted': true; console.logpolluted; Details Prototype Pollution is a...

9.8CVSS8.8AI score0.03554EPSS
Exploits0References2
Snyk
Snyk
added 2020/08/14 9:36 a.m.6 views

Prototype Pollution

Overview deeps is a Highly performant utilities to manage deeply nested objects. get, set, merge, flatten, diff etc. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const deeps = require'deeps'; deeps.set, 'proto.polluted', true;...

9.8CVSS9AI score0.01916EPSS
Exploits1References2
Rows per page
Query Builder