Lucene search
+L

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-0939

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01678EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 p.m.6 views

CVE-2020-28272

Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS7.3AI score0.03257EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/24 5:35 p.m.12 views

mongo-rest-api (=0.1.0), pine-ql (>=0.1.0 <=0.5.4) potentially affected by CVE-2020-28272 via keyget (=1.0.1)

keyget NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keyget and may be impacted: - mongo-rest-api =0.1.0 - pine-ql =0.1.0, =0.5.4 Source cves: CVE-2020-28272 Source advisory: OSV:GHSA-8MP8-28XH-R486...

9.8CVSS7.2AI score0.03257EPSS
Exploits1
OSV
OSV
added 2022/02/01 12:51 a.m.67 views

GHSA-9FP7-4FJM-Q3MF Prototype Pollution in keyget

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...

5.6CVSS9.6AI score0.01678EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/02/01 12:51 a.m.47 views

Prototype Pollution in keyget

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...

9.8CVSS5.1AI score0.01678EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/01/28 10:15 p.m.23 views

Remote code execution

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...

7.5CVSS9.6AI score0.03257EPSS
Exploits2References1
CVE
CVE
added 2022/01/28 9:31 p.m.75 views

CVE-2021-23760

The CVE-2021-23760 entry concerns the npm package keyget vulnerability to Prototype Pollution. The issue affects keyget versions 0.0.0 and up to at least 2.2.0, where the set, push, and at methods can be abused to pollute an object's prototype, potentially enabling denial of service and remote co...

9.8CVSS7.7AI score0.01678EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2020/12/02 3:15 p.m.42 views

CVE-2020-28272

Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS7.7AI score0.03257EPSS
Exploits1References2
OSV
OSV
added 2020/12/02 3:15 p.m.26 views

CVE-2020-28272

Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS7.5AI score0.03257EPSS
Exploits1References2
CVE
CVE
added 2020/12/02 2:32 p.m.51 views

CVE-2020-28272

CVE-2020-28272 affects the npm package keyget (versions 1.0.0–2.2.0). A prototype pollution flaw in the setByPath() function allows an attacker to pollute the Object prototype (e.g., via proto .polluted), enabling denial of service and potentially remote code execution. The exploitation details a...

9.8CVSS9.4AI score0.03257EPSS
Exploits1References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/06/21 12:0 a.m.122 views

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...

7.5CVSS2.7AI score0.05213EPSS
Exploits13
Rows per page
Query Builder