11 matches found
EUVD-2022-3906
Malicious code in bioql PyPI...
CVE-2019-10794
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
component-flatten vulnerable to Prototype Pollution
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
GHSA-G6R3-HHG9-QF58 component-flatten vulnerable to Prototype Pollution
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
byways (>=1.2.0 <=1.5.2), component-build (>=1.0.0 <=1.2.2) +17 more potentially affected by CVE-2019-10794 via component-flatten (>=0.0.1 <=1.0.1)
component-flatten NPM version =0.0.1, =1.2.0, =1.0.0, =1.0.0, =1.3.0, =0.0.3, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =1.0.0, =1.2.0, =0.0.1, =0.0.1, =0.0.4 - faiton-builder =1.1.10 and more Source cves: CVE-2019-10794 Source advisory: OSV:GHSA-G6R3-HHG9-QF58...
Prototype Pollution
component-flatten causes prototype pollution. The prototype can be polluted since it does not restrict a __proto__ payload, allowing the attacker to add or modify properties of Object.prototype using the payload...
Design/Logic Flaw
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10794
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
CVE-2019-10794
CVE-2019-10794 affects component-flatten, where all versions are vulnerable to prototype pollution via a __proto__ payload. The flaw enables an attacker to trick the program into adding or modifying properties on Object.prototype, with consequences including potential arbitrary code execution as desc...
byways (>=1.2.0 <=1.5.2), component-build (>=1.0.0 <=1.2.2) +17 more potentially affected by CVE-2019-10794 via component-flatten (>=0.0.1 <=1.0.1)
component-flatten NPM version =0.0.1, =1.2.0, =1.0.0, =1.0.0, =1.3.0, =0.0.3, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =1.0.0, =1.2.0, =0.0.1, =0.0.1, =0.0.4 - faiton-builder =1.1.10 and more Source cves: CVE-2019-10794 Source advisory: SNYK:JS-COMPONENTFLATTEN-548907...
Prototype Pollution
Overview: component-flatten is a module that flattens a resolved component tree. Note: This package is deprecated. Affected versions of this package are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...