Lucene search
+L

8 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2306

Malware in sbrugna...

9.8CVSS9.3AI score0.01242EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/11/08 5:55 p.m.46 views

Prototype Pollution in dotty

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...

9.8CVSS2.7AI score0.01242EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2021/11/03 6:15 p.m.14 views

Type confusion

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...

7.5CVSS9.3AI score0.03337EPSS
Exploits2References2Affected Software1
Snyk
Snyk
added 2021/08/31 7:51 p.m.5 views

Prototype Pollution

Overview dotty is a package that can access properties of nested objects using dot-path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter a...

9.8CVSS9AI score0.03337EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2021/02/05 8:43 p.m.6 views

3m5-coco (>=0.0.2 <=0.0.981), @24hr/sentry-logger-node (>=0.4.0 <=1.2.2) +278 more potentially affected by CVE-2021-25912 via dotty (>=0.0.1 <=0.1.0)

dotty NPM version =0.0.1, =0.0.2, =0.4.0, =1.1.4, =0.0.2, =1.15.3, =0.1.0, =0.1.6, =1.0.4, =0.1.6, =0.1.0, =1.0.0, =1.0.0, =1.0.7 - @kikiemz/komzpol =1.1.2 and more Source cves: CVE-2021-25912 Source advisory: OSV:GHSA-F5C9-X9J6-87QP...

9.8CVSS7.2AI score0.03337EPSS
Exploits1
CVE
CVE
added 2021/02/02 6:40 p.m.59 views

CVE-2021-25912

CVE-2021-25912 is a prototype pollution vulnerability in the Node.js package dotty, affecting versions 0.0.1 through 0.1.0. The flaw allows attackers to cause a denial of service and may lead to remote code execution. The root cause is a type-confusion/policing issue when keys in the path paramet...

9.8CVSS9.4AI score0.03337EPSS
Exploits1References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/01/03 12:0 a.m.77 views

Arbitrary Code Injection Over HTTP Traffic (CVE-2020-21176; CVE-2020-25042; CVE-2020-26248; CVE-2020-26712; CVE-2020-28994; CVE-2020-29284; CVE-2020-6308; CVE-2021-25912)

Arbitrary Code Injections Over HTTP Traffic...

10CVSS1AI score0.61736EPSS
Exploits15
Check Point Advisories
Check Point Advisories
added 2020/06/21 12:0 a.m.128 views

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...

7.5CVSS2.7AI score0.05213EPSS
Exploits13
Rows per page
Query Builder