8 matches found
EUVD-2021-2306
Malware in sbrugna...
Prototype Pollution in dotty
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...
Type confusion
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...
Prototype Pollution
Overview dotty is a package that can access properties of nested objects using dot-path notation. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter a...
3m5-coco (>=0.0.2 <=0.0.981), @24hr/sentry-logger-node (>=0.4.0 <=1.2.2) +278 more potentially affected by CVE-2021-25912 via dotty (>=0.0.1 <=0.1.0)
dotty NPM version =0.0.1, =0.0.2, =0.4.0, =1.1.4, =0.0.2, =1.15.3, =0.1.0, =0.1.6, =1.0.4, =0.1.6, =0.1.0, =1.0.0, =1.0.0, =1.0.7 - @kikiemz/komzpol =1.1.2 and more Source cves: CVE-2021-25912 Source advisory: OSV:GHSA-F5C9-X9J6-87QP...
CVE-2021-25912
CVE-2021-25912 is a prototype pollution vulnerability in the Node.js package dotty, affecting versions 0.0.1 through 0.1.0. The flaw allows attackers to cause a denial of service and may lead to remote code execution. The root cause is a type-confusion/policing issue when keys in the path paramet...
Arbitrary Code Injection Over HTTP Traffic (CVE-2020-21176; CVE-2020-25042; CVE-2020-26248; CVE-2020-26712; CVE-2020-28994; CVE-2020-29284; CVE-2020-6308; CVE-2021-25912)
Arbitrary Code Injections Over HTTP Traffic...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...