EUVD-2021-1207

Malware in sbrugna...

@ardier16/node-lb (>=1.0.0 <=2.0.0), @economist/backstopjs (>=0.0.1 <=0.0.3) +139 more potentially affected by CVE-2020-7679 via casperjs (>=1.1.0-beta3 <=1.1.4)

casperjs NPM version =1.1.0-beta3, =1.0.0, =0.0.1, =0.1.0, =1.2.0, =0.4.0, =0.1.0, =0.0.2, =3.40.4-ez-bin.7, =0.0.1, =0.0.2, =0.0.3 - autocallinjs =1.0.0 and more Source cves: CVE-2020-7679 Source advisory: OSV:GHSA-VRR3-5R3V-7XFW...

GHSA-VRR3-5R3V-7XFW Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs

Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC js var payload = JSON.parse'"proto": "a": "pwned"'; mergeObjects, payload; console.log.a; //...

Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs

Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC js var payload = JSON.parse'"proto": "a": "pwned"'; mergeObjects, payload; console.log.a; //...

Prototype Pollution

casperjs is vulnerable to prototype pollution. The mergeObjects function in utils.js does not validate object types and allows an attacker to inject arbitrary properties to overwrite proto or constructor attributes...

CasperJS Input Validation Error Vulnerability

CasperJS is a navigation script and test utility for the PhantomJS and SlimerJS browsers. An input validation error vulnerability exists in the 'mergeObjects' function in all versions of CasperJS. An attacker can exploit this vulnerability to execute arbitrary code...

CVE-2020-7679

In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution...

CVE-2020-7679

In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution...

CVE-2020-7679 Prototype Pollution

In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution...

CVE-2020-7679

CasperJS is affected by a Prototype Pollution vulnerability in the mergeObjects utility function across all versions. The issue allows an attacker to inject properties into Object.prototype (via proto or similar paths), potentially polluting prototypes and enabling unintended behavior. Documented...

@ardier16/node-lb (>=1.0.0 <=2.0.0), @economist/backstopjs (>=0.0.1 <=0.0.3) +139 more potentially affected by CVE-2020-7679 via casperjs (>=1.1.0-beta3 <=1.1.4)

casperjs NPM version =1.1.0-beta3, =1.0.0, =0.0.1, =0.1.0, =1.2.0, =0.4.0, =0.1.0, =0.0.2, =3.40.4-ez-bin.7, =0.0.1, =0.0.2, =0.0.3 - autocallinjs =1.0.0 and more Source cves: CVE-2020-7679 Source advisory: SNYK:JS-CASPERJS-572803...

Prototype Pollution

Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution. The mergeObjects utility function is susceptible to Prototype Pollution. PoC by Snyk var payload = JSON.parse'"proto": "a": "pwned"';...

PT-2020-19702 · Casperjs Team · Casperjs

Name of the Vulnerable Software and Affected Versions: casperjs versions affected versions not specified Description: The issue concerns a Prototype Pollution vulnerability via the mergeObjects utility function in casperjs, a navigation scripting and testing utility for PhantomJS and SlimerJS. Th...