14 matches found
Prototype Pollution
web3-core-method is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to supply a crafted payload and inject properties into the Object.prototype, potentially leading to denial of servic...
EUVD-2025-31063
Malicious code in bioql PyPI...
CVE-2025-57329
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
GHSA-2J4C-9QQQ-896R web3-core-method is vulnerable to prototype pollution
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +6583 more potentially affected by CVE-2025-57329 via web3-core-method (>=1.0.0-beta.52 <=3.0.0-rc.5)
web3-core-method NPM version =1.0.0-beta.52, =1.0.0, =0.0.3, =0.0.3, =0.0.31, =1.1.0, =0.9.9, =0.1.0, =0.1.1 - 55tools-block =1.0.0 - 55tools-block-ext =1.0.0 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2025-57329 Source advisory: SNYK:JS-WEB3COREMETHOD-13110028...
web3-core-method is vulnerable to prototype pollution
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
0x-relayer-cat (>=0.0.3 <=0.0.10), @1-dao-protocol/juice-contracts-v3 (>=3.1.3 <=3.1.4) +1439 more potentially affected by CVE-2025-57329 via web3-core-method (>=1.0.0-beta.52 <=1.10.3)
web3-core-method NPM version =1.0.0-beta.52, =0.0.3, =3.1.3, =1.0.2, =2.0.3, =1.14.5, =1.0.7, =0.1.0, =10.4.0, =9.0.0, =9.2.0 - @acentswap/aceswap-sdk =9.0.0 and more Source cves: CVE-2025-57329 Source advisory: OSV:GHSA-2J4C-9QQQ-896R...
CVE-2025-57329
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
CVE-2025-57329
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
PT-2025-39328
Name of the Vulnerable Software and Affected Versions web3-core-method versions 1.10.4 and earlier Description A Prototype Pollution issue exists in the attachToObject function of web3-core-method. Attackers can inject properties onto Object.prototype by providing a crafted payload. This can lead...
CVE-2025-57329
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
CVE-2025-57329
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing...
CVE-2025-57329
CVE-2025-57329 affects the JavaScript package web3-core-method (attachToObject) up to version 1.10.4. A prototype pollution flaw allows an attacker-supplied payload to inject properties into Object.prototype, potentially causing a denial of service (DoS) as the minimum consequence. Public referen...
CVE-2014-2504
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language DQL queries by calling 1 a core method or 2 a D2FS web-service method...