Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/12 3:1 p.m.9 views

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution in the process of copying enumerable properties from a user-supplied object to a generated message instance without filtering the proto property. An attack...

6.3CVSS6.5AI score0.00264EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/07 7:9 p.m.13 views

estree-util-value-to-estree allows prototype pollution in generated ESTree

Impact When generating an ESTree from a value with a property named proto, valueToEstree would generate an object that specifies a prototype instead. Example: js import generate from 'astring' import valueToEstree from 'estree-util-value-to-estree' const estree = valueToEstree 'proto': const code...

6.9CVSS7.2AI score0.00392EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/04/05 9:30 p.m.37 views

GHSA-776F-QX25-Q3CC xml2js is vulnerable to prototype pollution

xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.3AI score0.01404EPSS
Exploits1References6
NVD
NVD
added 2023/04/05 8:15 p.m.12 views

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.4AI score0.01404EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/11/04 12:0 p.m.24 views

fastest-json-copy vulnerable to Prototype Pollution

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.5AI score0.00615EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/11/03 8:15 p.m.25 views

Code injection

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

5CVSS5.2AI score0.00615EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/04/26 3:25 p.m.44 views

Prototype Pollution in hoek

Versions of hoek prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution. The merge function, and the applyToDefaults and applyToDefaultsWithShallow functions which leverage merge behind the scenes, are vulnerable to a prototype pollution attack when provided an unvalidated payload created...

8.8CVSS3AI score0.04226EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder