9 matches found
EUVD-2022-4764
Malicious code in bioql PyPI...
Prototype Pollution
sds is vulnerable to prototype pollution.The vulnerability exists due to an incomplete of CVE-2020-7618 where an injection of attributes can pollute the properties of the Object.prototype by the attacker using the set function in js/set.js,...
colorcat (>=0.0.2 <=0.2.10), karg (=0.1.2) +10 more potentially affected by CVE-2020-7618 +1 more via sds (>=1.14.1 <=4.4.0)
sds NPM version =1.14.1, =0.0.2, =0.2.2, =0.55.1, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =1.0.1, =1.0.2 Source cves: CVE-2020-7618, CVE-2022-25862 Source advisory: OSV:GHSA-PH28-WWFJ-FV7F...
Prototype Pollution in sds
This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...
Design/Logic Flaw
This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...
CVE-2022-25862
The CVE-2022-25862 entry concerns the npm package sds, affected from version 0.0.0 onward. The vulnerability is a prototype pollution flaw caused by the set function in js/set.js, which can allow an attacker to add or modify properties on Object.prototype. This defect stems from an incomplete fix...
colorcat (>=0.0.2 <=0.2.10), karg (=0.1.2) +10 more potentially affected by CVE-2020-7618 +1 more via sds (>=1.14.1 <=4.4.0)
sds NPM version =1.14.1, =0.0.2, =0.2.2, =0.55.1, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =1.0.1, =1.0.2 Source cves: CVE-2020-7618, CVE-2022-25862 Source advisory: SNYK:JS-SDS-2385944...
konrad (>=0.2.2 <=0.187.0), kxk (>=0.55.1 <=0.402.0) +4 more potentially affected by CVE-2020-7618 via sds (>=1.14.1 <=3.2.0)
sds NPM version =1.14.1, =0.2.2, =0.55.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =0.4.2 Source cves: CVE-2020-7618 Source advisory: OSV:GHSA-CXM3-284P-QC4V...
CVE-2020-7618
CVE-2020-7618 affects the sds package up to 3.2.0. The issue is Prototype Pollution via the set.js function, allowing manipulation of Object.prototype. Affected components: sds (monsterkodi/sds); root cause is unsafe prototype modification through js/set.js. Potential impact includes pollution of...