4 matches found
cloudron (>=0.1.2 <=0.9.4), cloudron-manifestformat (>=1.3.0 <=5.10.1) +8 more potentially affected by CVE-2020-7737 via safetydance (>=0.0.15 <=1.0.0)
safetydance NPM version =0.0.15, =0.1.2, =1.3.0, =1.0.0, =1.0.0, =0.8.7, =1.3.0, =0.0.2, =0.2.1 Source cves: CVE-2020-7737 Source advisory: OSV:GHSA-6M85-WVCR-PGW3...
CVE-2020-7737
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
CVE-2020-7737
CVE-2020-7737 affects the npm package safetydance (all versions) and is a Prototype Pollution vulnerability caused by unsafe handling in the library’s set function. The provided connected documents confirm that attackers could inject properties into the prototype chain (e.g., via proto ), potenti...
@cloudron/manifest-format (>=5.27.0 <=5.35.0), @cloudron/pipework (>=1.1.0 <=2.0.0) +13 more potentially affected by CVE-2020-7737 via safetydance (>=0.0.15 <=2.5.1)
safetydance NPM version =0.0.15, =5.27.0, =1.1.0, =1.0.0, =0.1.2, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =0.8.7, =1.3.0, =0.0.3, =0.0.2, =0.2.1 Source cves: CVE-2020-7737 Source advisory: SNYK:JS-SAFETYDANCE-598687...