Aurelia-Path < 1.1.7 - Prototype Pollution

Aurelia-path before 1.1.7 contains a prototype pollution caused by parsing malicious URL parameters, letting attackers modify Object.prototype, exploit requires the application to parse user-controlled URLs. id: CVE-2021-41097 info: name: Aurelia-Path 1.1.7 - Prototype Pollution author: 0xAkoko...

CVE-2021-41097

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...

Prototype Pollution

aurelia-path is vulnerable to prototype pollution. An attacker is able to modify object class Object by tricking an application to parse the following URL: https://aurelia.io/blog/?protoasdf=asdf...

aurelia-sails-socket-client (=0.10.0) potentially affected by CVE-2021-41097 via aurelia-path (=1.0.0-beta.1)

aurelia-path NPM version =1.0.0-beta.1 is affected by a known vulnerability. The following packages have a transitive dependency on aurelia-path and may be impacted: - aurelia-sails-socket-client =0.10.0 Source cves: CVE-2021-41097 Source advisory: OSV:GHSA-3C9C-2P65-QVWV...

CVE-2021-41097

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...

Design/Logic Flaw

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia application that uses aurelia-path package to parse a string. The majority of this will b...

CVE-2021-41097

CVE-2021-41097 affects the Aurelia-path library. Before version 1.1.7, parsing malicious URL parameters can cause prototype pollution by modifying Object.prototype via crafted proto keys (example: ?proto [asdf]=asdf). This vulnerability primarily impacts Aurelia applications using aurelia-path (o...

aurelia 代码注入漏洞

aurelia path is part of the aurelia platform and contains utilities for path operations. A code injection vulnerability exists in aurelia path that exposes Aurelia applications that use the aurelia-path package to parse strings. No detailed vulnerability details are provided at this time...

PT-2021-23086

Name of the Vulnerable Software and Affected Versions aurelia-path versions prior to 1.1.7 Description The issue is related to a prototype pollution vulnerability in aurelia-path, which is part of the Aurelia platform and contains utilities for path manipulation. This vulnerability exposes Aureli...