EUVD-2021-1215

Malware in sbrugna...

GHSA-W8F3-PVX4-4C3H Prototype Pollution in arr-flatten-unflatten

All versions of package arr-flatten-unflatten up to and including version 1.1.4 are vulnerable to Prototype Pollution via the constructor...

Prototype Pollution in arr-flatten-unflatten

All versions of package arr-flatten-unflatten up to and including version 1.1.4 are vulnerable to Prototype Pollution via the constructor...

Prototype Pollution in quernest/arr-flatten-unflatten

Description arr-flatten-unflatten is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var arrFlattenUnflatten = require"arr-flatten-unflatten" console.log"Before : " + .polluted; arrFlattenUnflatten.unflatten'protopolluted': 'Yes! Its Polluted';...

Prototype Pollution

arr-flatten-unflatten is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

CVE-2020-7713

All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor...

CVE-2020-7713

CVE-2020-7713 affects the npm package arr-flatten-unflatten . All versions up to and including 1.1.4 are vulnerable to prototype pollution via the constructor . Public advisories (GHSA, OSV, Snyk, Veracode) confirm the issue and provide a PoC demonstrating pollution of Object.prototype. There is ...

CVE-2020-7713 Prototype Pollution

All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor...

PT-2020-19735 · Npm · Arr-Flatten-Unflatten

Name of the Vulnerable Software and Affected Versions: arr-flatten-unflatten versions up to and including 1.1.4 Description: The issue concerns Prototype Pollution via the constructor. This means that an attacker could potentially manipulate the prototype of an object, leading to unintended...