Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4764

Malicious code in bioql PyPI...

7.5CVSS5.6AI score0.01114EPSS
Exploits2References5
Veracode
Veracode
added 2022/05/17 4:18 a.m.21 views

Prototype Pollution

sds is vulnerable to prototype pollution.The vulnerability exists due to an incomplete of CVE-2020-7618 where an injection of attributes can pollute the properties of the Object.prototype by the attacker using the set function in js/set.js,...

7.5CVSS6AI score0.01114EPSS
Exploits2References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/14 12:1 a.m.6 views

colorcat (>=0.0.2 <=0.2.10), karg (=0.1.2) +10 more potentially affected by CVE-2020-7618 +1 more via sds (>=1.14.1 <=4.4.0)

sds NPM version =1.14.1, =0.0.2, =0.2.2, =0.55.1, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =1.0.1, =1.0.2 Source cves: CVE-2020-7618, CVE-2022-25862 Source advisory: OSV:GHSA-PH28-WWFJ-FV7F...

7.5CVSS6.4AI score0.01114EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2022/05/14 12:1 a.m.29 views

Prototype Pollution in sds

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

7.5CVSS3.1AI score0.00704EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2022/05/13 8:15 p.m.19 views

Design/Logic Flaw

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

5CVSS5.7AI score0.01114EPSS
Exploits2References2
CVE
CVE
added 2022/05/13 8:5 p.m.69 views

CVE-2022-25862

The CVE-2022-25862 entry concerns the npm package sds, affected from version 0.0.0 onward. The vulnerability is a prototype pollution flaw caused by the set function in js/set.js, which can allow an attacker to add or modify properties on Object.prototype. This defect stems from an incomplete fix...

7.5CVSS5.1AI score0.00704EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/27 2:40 p.m.5 views

colorcat (>=0.0.2 <=0.2.10), karg (=0.1.2) +10 more potentially affected by CVE-2020-7618 +1 more via sds (>=1.14.1 <=4.4.0)

sds NPM version =1.14.1, =0.0.2, =0.2.2, =0.55.1, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =1.0.1, =1.0.2 Source cves: CVE-2020-7618, CVE-2022-25862 Source advisory: SNYK:JS-SDS-2385944...

7.5CVSS6.4AI score0.01114EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2020/09/03 3:53 p.m.4 views

konrad (>=0.2.2 <=0.187.0), kxk (>=0.55.1 <=0.402.0) +4 more potentially affected by CVE-2020-7618 via sds (>=1.14.1 <=3.2.0)

sds NPM version =1.14.1, =0.2.2, =0.55.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =0.4.2 Source cves: CVE-2020-7618 Source advisory: OSV:GHSA-CXM3-284P-QC4V...

5.3CVSS6.4AI score0.01114EPSS
Exploits1
CVE
CVE
added 2020/04/07 1:22 p.m.75 views

CVE-2020-7618

CVE-2020-7618 affects the sds package up to 3.2.0. The issue is Prototype Pollution via the set.js function, allowing manipulation of Object.prototype. Affected components: sds (monsterkodi/sds); root cause is unsafe prototype modification through js/set.js. Potential impact includes pollution of...

5.3CVSS5.7AI score0.01114EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder