8 matches found
EUVD-2022-6095
Malicious code in bioql PyPI...
Prototype Pollution
deep-get-set is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7715, allowing an attacker to get control of value of “deep” and modify attributes such as proto, constructor and prototype...
Prototype Pollution in deep-get-set
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
CVE-2022-21231
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
Design/Logic Flaw
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), @ngodn/apostrophe (>=2.94.2 <=2.94.7) +37 more potentially affected by CVE-2020-7715 via deep-get-set (=0.1.1)
deep-get-set NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - @draadnl/openstad-cms =0.12.2, =2.94.2, =1.3.0, =0.0.1, =0.5.235, =2.94.1, =0.5.0, =0.5.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =2.93.0,...
CVE-2020-7715
All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function...
CVE-2020-7715
CVE-2020-7715 affects the npm package deep-get-set . The vulnerability is a prototype pollution flaw in the main function, arising from an incomplete fix, allowing an attacker to pollute Object.prototype (e.g., via the key path "proto " or related paths). Affected versions are those before the re...