9 matches found
Aurelia-Path < 1.1.7 - Prototype Pollution
Aurelia-path before 1.1.7 contains a prototype pollution caused by parsing malicious URL parameters, letting attackers modify Object.prototype, exploit requires the application to parse user-controlled URLs. id: CVE-2021-41097 info: name: Aurelia-Path 1.1.7 - Prototype Pollution author: 0xAkoko...
CVE-2021-41097
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...
Prototype Pollution
aurelia-path is vulnerable to prototype pollution. An attacker is able to modify object class Object by tricking an application to parse the following URL: https://aurelia.io/blog/?protoasdf=asdf...
aurelia-sails-socket-client (=0.10.0) potentially affected by CVE-2021-41097 via aurelia-path (=1.0.0-beta.1)
aurelia-path NPM version =1.0.0-beta.1 is affected by a known vulnerability. The following packages have a transitive dependency on aurelia-path and may be impacted: - aurelia-sails-socket-client =0.10.0 Source cves: CVE-2021-41097 Source advisory: OSV:GHSA-3C9C-2P65-QVWV...
CVE-2021-41097
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...
Design/Logic Flaw
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...
CVE-2021-41097
CVE-2021-41097 affects the Aurelia-path library. Before version 1.1.7, parsing malicious URL parameters can cause prototype pollution by modifying Object.prototype via crafted proto keys (example: ?proto [asdf]=asdf). This vulnerability primarily impacts Aurelia applications using aurelia-path (o...
PT-2021-23086
Name of the Vulnerable Software and Affected Versions aurelia-path versions prior to 1.1.7 Description The issue is related to a prototype pollution vulnerability in aurelia-path, which is part of the Aurelia platform and contains utilities for path manipulation. This vulnerability exposes Aureli...
aurelia 代码注入漏洞
aurelia path is part of the aurelia platform and contains utilities for path operations. A code injection vulnerability exists in aurelia path that exposes Aurelia applications that use the aurelia-path package to parse strings. No detailed vulnerability details are provided at this time...