32 matches found
EUVD-2019-0624
Malware in sbrugna...
EUVD-2018-0345
Malware in sbrugna...
EUVD-2019-0628
Malware in sbrugna...
CVE-2019-10745
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
CVE-2019-10750
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a proto payload...
CVE-2019-10750
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a proto payload...
Design/Logic Flaw
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a proto payload...
CVE-2019-10750
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a proto payload...
@peak-stone/vue-admin (>=1.0.1 <=2.1.1) potentially affected by CVE-2019-10745 via assign-deep (=1.0.0)
assign-deep NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on assign-deep and may be impacted: - @peak-stone/vue-admin =1.0.1, =2.1.1 Source cves: CVE-2019-10745 Source advisory: OSV:GHSA-66RH-8FW6-59Q6...
@careteam/mfe-init (=0.0.8), @topfeed/topfeed (>=0.0.30 <=0.0.44) +69 more potentially affected by CVE-2019-10745 via assign-deep (>=0.1.2 <=0.4.7)
assign-deep NPM version =0.1.2, =0.0.30, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.2.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =2.3.0 and more Source cves: CVE-2019-10745 Source advisory: OSV:GHSA-66RH-8FW6-59Q6...
GHSA-66RH-8FW6-59Q6 assign-deep Vulnerable to Prototype Pollution
Versions of assign-deep prior to 1.0.1 and 0.4.8 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
assign-deep Vulnerable to Prototype Pollution
Versions of assign-deep prior to 1.0.1 and 0.4.8 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
CVE-2019-10745
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
CVE-2019-10745
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
Design/Logic Flaw
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
CVE-2019-10745
The CVE-2019-10745 entry concerns the assign-deep module, which is vulnerable to Prototype Pollution. Affected versions are before 0.4.8 and version 1.0.0, where the assign-deep function could be tricked into adding or modifying properties of Object.prototype via a constructor or proto payload. T...
CVE-2019-10745
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
Prototype Pollution
assign-deep is vulnerable to prototype pollution. It does not validate the Object.keys before assigning it to the target object, therefore allowing an attacker to inject properties and objects into existing construct prototype...
Prototype Pollution
Overview deeply is an a toolkit for deep structure manipulations, provides deep merge/clone functionality out of the box, and exposes hooks and custom adapters for more control and greater flexibility. Affected versions of this package are vulnerable to Prototype Pollution. The function assign-de...
Prototype Pollution
Overview Versions of assign-deep prior to 1.0.1 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...