12 matches found
EUVD-2021-0799
Malware in sbrugna...
CVE-2019-10792
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2022-25296 via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted:
- generator-rest =0.2.0
- nodejsamazingenerator =1.0.0, =1.70.60-stable
Source cves: CVE-2022-25296
Source advisory: OSV:GHSA-VHXC-FHM5-QCP9...
GHSA-VHXC-FHM5-QCP9 Prototype Pollution in bodymen
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
CVE-2022-25296
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792...
generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2019-10792 +1 more via bodymen (=1.1.1)
bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted:
- generator-rest =0.2.0
- nodejsamazingenerator =1.0.0, =1.70.60-stable
Source cves: CVE-2019-10792, CVE-2022-25296
Source advisory:...
Bodymen Access Control Error Vulnerability
bodymen is a body parser middleware for MongoDB, Express and Nodejs MEN. A security vulnerability exists in bodymen versions prior to 1.1.1. An attacker can exploit the vulnerability to add or modify Object.prototype properties with the help of the 'handler' parameter...
Prototype Pollution
bodymen is vulnerable to prototype pollution. The vulnerability exists because the handler function accepts a __proto__ payload, allowing properties of Object.prototype to be added or modified...
CVE-2019-10792
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10792
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10792
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Prototype Pollution
Overview: bodymen is a body parser middleware for MongoDB, Express and Nodejs. Affected versions of this package are vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC by JHU System Security La...