9 matches found
EUVD-2022-0557
Malicious code in bioql PyPI...
Prototype Pollution in js-data
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Prototype Pollution
js-data is vulnerable to pollution prototype. The vulnerability exists due to an incomplete fix of CVE-2020-28442. A remote attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes via the deepFillIn and the set functions resulting in prototype...
CVE-2021-23574
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Design/Logic Flaw
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Prototype Pollution
Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1 var jsdata = require'js-data'; var obj = ; var payload =...
CVE-2020-28442 Prototype Pollution
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...
js-data-dao (=1.0.0) potentially affected by CVE-2020-28442 via js-data (=3.0.0-rc.5)
js-data NPM version =3.0.0-rc.5 is affected by a known vulnerability. The following packages have a transitive dependency on js-data and may be impacted: - js-data-dao =1.0.0 Source cves: CVE-2020-28442 Source advisory: SNYK:JS-JSDATA-1023655...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...