12 matches found
EUVD-2021-0958
Malware in sbrugna...
CVE-2020-28268
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
gulp-controlled-merge-json (=0.2.1) potentially affected by CVE-2020-28268 via controlled-merge (=1.1.0)
controlled-merge NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on controlled-merge and may be impacted: gulp-controlled-merge-json =0.2.1. Source CVEs: CVE-2020-28268. Source advisory: OSV:GHSA-5PG7-V24C-9RP9...
GHSA-5PG7-V24C-9RP9 Prototype pollution in controlled-merge
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
Prototype pollution in controlled-merge
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
Prototype Pollution
controlled-merge is vulnerable to prototype pollution. Lack of validation allows an attacker to inject arbitrary properties into __proto__ or constructor to crash the application and potentially obtain remote code execution...
CVE-2020-28268
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28268
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28268
The CVE-2020-28268 entry concerns controlled-merge prototype pollution in versions 1.0.0–1.2.0. The root cause is a prototype pollution vulnerability that can cause a denial of service and may lead to remote code execution. Documentation in PT-2020-16958 notes the issue and provides a remediation...
CVE-2020-28268
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
PT-2020-16958 · Unknown · Controlled-Merge
Name of the Vulnerable Software and Affected Versions: controlled-merge versions 1.0.0 through 1.2.0. Description: The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability. Recommendations: For versions 1.0.0 through...