EUVD-2023-0860

Malicious code in bioql PyPI...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-48508 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Collection.js vulnerable to Prototype Pollution

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

GHSA-47PJ-Q2VM-46XC Collection.js vulnerable to Prototype Pollution

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

@pzlr/build-core (>=2.14.0 <=2.15.1-beta.1), @v4fire/cli (>=1.3.0 <=2.1.0) +13 more potentially affected by CVE-2023-26113 via collection.js (>=5.5.6 <=6.7.11)

collection.js NPM version =5.5.6, =2.14.0, =1.3.0, =2.0.0-beta.1, =2.0.0-beta.1, =2.0.0, =6.0.0, =3.0.1, =7.1.0, =2.0.0, =2.0.0, =7.0.10, =7.1.0, =6.0.0, =7.0.0, =7.1.0 Source cves: CVE-2023-26113 Source advisory: OSV:GHSA-47PJ-Q2VM-46XC...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

Code injection

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

CVE-2023-26113 affects the JavaScript package collection.js prior to 6.8.1. The root cause is a Prototype Pollution vulnerability in the extend function located at Collection.js/dist/node/iterators/extend.js, enabling polluted prototypes. Multiple sources (NVD, Red Hat, GHSA, OSV, CVE CVE lists) ...

PT-2023-20499 · Unknown · Collection.Js

Name of the Vulnerable Software and Affected Versions: collection.js versions prior to 6.8.1 Description: The issue concerns Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. This affects versions of the package collection.js before 6.8.1. Recommendations...

@pzlr/build-core (>=2.14.0 <=2.15.1-beta.1), @v4fire/cli (>=1.3.0 <=2.1.0) +3 more potentially affected by CVE-2023-26113 via collection.js (=6.7.11)

collection.js NPM version =6.7.11 is affected by a known vulnerability. The following packages have a transitive dependency on collection.js and may be impacted: - @pzlr/build-core =2.14.0, =1.3.0, =2.0.0-beta.1, =2.0.0-beta.1, =3.75.0 Source cves: CVE-2023-26113 Source advisory:...

Prototype Pollution

Overview collection.js is a Minimalistic JavaScript library for working with collections of data. Affected versions of this package are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. PoC javascript var collection = require"collection.js"...