11 matches found
EUVD-2022-0939
Malicious code in bioql PyPI...
CVE-2020-28272
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
mongo-rest-api (=0.1.0), pine-ql (>=0.1.0 <=0.5.4) potentially affected by CVE-2020-28272 via keyget (=1.0.1)
keyget NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keyget and may be impacted: - mongo-rest-api =0.1.0 - pine-ql =0.1.0, =0.5.4 Source cves: CVE-2020-28272 Source advisory: OSV:GHSA-8MP8-28XH-R486...
GHSA-9FP7-4FJM-Q3MF Prototype Pollution in keyget
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
Prototype Pollution in keyget
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
Remote code execution
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
CVE-2021-23760
The CVE-2021-23760 entry concerns the npm package keyget vulnerability to Prototype Pollution. The issue affects keyget versions 0.0.0 and up to at least 2.2.0, where the set, push, and at methods can be abused to pollute an object's prototype, potentially enabling denial of service and remote co...
CVE-2020-28272
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28272
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28272
CVE-2020-28272 affects the npm package keyget (versions 1.0.0–2.2.0). A prototype pollution flaw in the setByPath() function allows an attacker to pollute the Object prototype (e.g., via proto .polluted), enabling denial of service and potentially remote code execution. The exploitation details a...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...