Lucene search
+L

5 matches found

Cvelist
Cvelist
added 2021/01/19 10:25 a.m.27 views

CVE-2020-28472 Prototype Pollution

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...

7.3CVSS9.4AI score0.02142EPSS
Exploits1References6
CVE
CVE
added 2021/01/19 10:25 a.m.134 views

CVE-2020-28472

Prototype Pollution vulnerability CVE-2020-28472 affects @aws-sdk/shared-ini-file-loader (< 1.0.0-rc.9) and aws-sdk (

9.8CVSS8.3AI score0.02142EPSS
Exploits1References6Affected Software2
vulnersOsv
vulnersOsv
added 2021/01/14 1:2 p.m.6 views

0.workspace (>=0.1.0 <=0.1.1), 18a58t9c-upload (>=1.0.0 <=1.0.3) +17847 more potentially affected by CVE-2020-28472 via aws-sdk (>=2.0.0-rc1 <=2.813.0)

aws-sdk NPM version =2.0.0-rc1, =0.1.0, =1.0.0, =0.21.0, =1.0.0, =1.0.0, =0.1.0, =3.6.0, =0.0.2, =0.3.0, =0.1.0, =0.5.0 and more Source cves: CVE-2020-28472 Source advisory: SNYK:JS-AWSSDK-1059424...

9.8CVSS7.2AI score0.02142EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/01/14 1:2 p.m.5 views

@alwaysai/serverless-component (>=1.19.0 <=1.19.2), @andre.bonna/serverless-next.js (=1.14.1) +318 more potentially affected by CVE-2020-28472 via @aws-sdk/shared-ini-file-loader (>=1.0.0-beta.4 <=1.0.0-rc.8)

@aws-sdk/shared-ini-file-loader NPM version =1.0.0-beta.4, =1.19.0, =1.2.19-preview.112, =1.0.38-preview.116, =1.0.1-preview.0, =1.0.1-preview.0, =1.2.27-preview.116, =1.0.29-preview.139, =1.0.29-preview.139, =1.0.9-preview.5387, =1.0.32-preview.139, =1.2.1-ui-preview.54, =1.0.30-preview.139,...

9.8CVSS7.2AI score0.02142EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2020/06/21 12:0 a.m.119 views

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...

7.5CVSS2.7AI score0.05213EPSS
Exploits13
Rows per page
Query Builder