Lucene search
+L

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2047

Malware in sbrugna...

9.8CVSS9.2AI score0.0186EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2021/09/22 8:36 p.m.74 views

Prototype Pollution in jointjs

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...

9.8CVSS3.3AI score0.0186EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2021/09/21 5:15 p.m.25 views

Type confusion

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...

7.5CVSS9.3AI score0.0186EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2021/09/21 4:55 p.m.37 views

CVE-2021-23444 Prototype Pollution

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...

5.6CVSS9.7AI score0.0186EPSS
Exploits1References6
Huntr
Huntr
added 2021/09/05 6:40 a.m.21 views

Prototype Pollution in clientio/joint

✍️ Description jointjs package is vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the path components used in the path parameter are arrays. In particular, the condition key === "proto" returns false if key is "proto". This is because...

2.1AI score0.01359EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/01/20 9:21 p.m.4 views

@convergence/jointjs-utils (>=0.1.0 <=0.4.0), @davidyaha/graphql-birdseye (>=1.0.7 <=1.0.8) +33 more potentially affected by CVE-2020-28480 via jointjs (>=0.9.10 <=3.2.0)

jointjs NPM version =0.9.10, =0.1.0, =1.0.7, =0.1.0, =0.1.3, =0.8.2, =1.5.30, =1.0.1, =1.0.0-alpha.1, =1.0.0, =0.0.3, =0.1.0, =1.0.6, =1.3.0 and more Source cves: CVE-2020-28480 Source advisory: OSV:GHSA-QWP9-52H8-XGG8...

9.8CVSS7.2AI score0.01359EPSS
Exploits0
Cvelist
Cvelist
added 2021/01/19 2:45 p.m.39 views

CVE-2020-28480 Prototype Pollution

The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath. The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...

7.3CVSS7.3AI score0.01359EPSS
Exploits0References5
CVE
CVE
added 2021/01/19 2:45 p.m.56 views

CVE-2020-28480

JointJS prior to 3.4.2 is affected by a Prototype Pollution in setByPath, allowing attacker-controlled path keys to pollute Object.prototype. The issue arises when the path parameter is provided as an array (or nested arrays) and assigns values on prototypes, enabling potential DoS, information d...

9.8CVSS7.2AI score0.01359EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2021/01/19 10:31 a.m.5 views

@convergence/jointjs-utils (=0.4.0), aihub (>=1.0.1 <=1.0.2) +7 more potentially affected by CVE-2020-28480 via jointjs (>=3.1.0 <=3.2.0)

jointjs NPM version =3.1.0, =1.0.1, =1.0.6, =1.0.1, =1.0.1, =0.9.0, =0.10.1 - ublatt =1.2.0 - vue-erd =0.1.1 - vue-test-demo-one =0.1.0 Source cves: CVE-2020-28480 Source advisory: SNYK:JS-JOINTJS-1024444...

9.8CVSS7.2AI score0.01359EPSS
Exploits0
Rows per page
Query Builder