Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.11 views

CVE-2019-10795

undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a proto payload...

6.5CVSS6.7AI score0.01089EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2022/02/09 10:34 p.m.13 views

@aaa-backend-stack/build-tools (>=1.16.0 <=2.4.4), @aaa-backend-stack/devtools (>=1.16.0 <=2.4.4) +141 more potentially affected by CVE-2019-10795 via undefsafe (>=0.0.2 <=2.0.1)

undefsafe NPM version =0.0.2, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2019-10795 Source advisory: OSV:GHSA-332Q-7FF2-57H2...

6.5CVSS6.5AI score0.01089EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/11 4:21 p.m.28 views

Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities

Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-10795 DESCRIPTION: Node.js undefsafe module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a...

10CVSS2.1AI score0.03799EPSS
Exploits7Affected Software1
CVE
CVE
added 2020/02/18 3:43 p.m.69 views

CVE-2019-10795

CVE-2019-10795 affects undefsafe prior to 2.0.3. Prototype pollution possible via the a() function using a proto payload to add/modify Object.prototype properties. Impact: remote attacker could manipulate global objects; CVSS ~6.3 (3.1) in provided metrics. Remediation: upgrade undefsafe to 2.0.3...

6.5CVSS6.3AI score0.01089EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/02/18 8:51 a.m.6 views

@zambezi/jsbin (=3.40.4-ez-bin.5), pin-api (>=1.1.0 <=1.3.1) potentially affected by CVE-2019-10795 via undefsafe (>=2.0.0 <=2.0.1)

undefsafe NPM version =2.0.0, =1.1.0, =1.3.1 Source cves: CVE-2019-10795 Source advisory: SNYK:JS-UNDEFSAFE-548940...

6.5CVSS6.5AI score0.01089EPSS
Exploits1
Rows per page
Query Builder