Lucene search
+L

5 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-0994

Malware in sbrugna...

7.1CVSS6.9AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/02/10 11:52 p.m.3 views

@asephermann/capacitor-filechooser (=0.0.1), @jewel998/mock-location (>=0.0.9 <=0.0.10) +53 more potentially affected by CVE-2021-28860 via mixme (>=0.0.1 <=0.4.0)

mixme NPM version =0.0.1, =0.0.9, =1.0.1, =0.0.1, =0.9.3, =0.0.1-alpha.1, =0.9.7, =0.8.1, =0.0.1, =0.2.1, =0.0.2, =0.0.2-alpha.1 and more Source cves: CVE-2021-28860 Source advisory: OSV:GHSA-R5CQ-9537-9RPF...

9.1CVSS7.2AI score0.01827EPSS
Exploits0
CVE
CVE
added 2021/05/06 12:51 p.m.67 views

CVE-2021-29491

The CVE-2021-29491 entry concerns the mixme package for Node.js. Affected version: 0.5.0 (and earlier) allows an attacker to add or alter object properties via proto /proto in mutate/merge, enabling prototype pollution and potential DoS. The issue is fixed in version 0.5.1; upgrading to 0.5.1 or ...

8AI score
Exploits0
Cvelist
Cvelist
added 2021/05/03 11:48 a.m.48 views

CVE-2021-28860

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via 'proto' through the mutate and merge functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential...

9.2AI score0.01827EPSS
Exploits0References5
CVE
CVE
added 2021/05/03 11:48 a.m.73 views

CVE-2021-28860

The data shows a prototype pollution flaw in Node.js mixme prior to version 0.5.1. Through mutate() and merge(), an attacker can set or alter properties on objects via proto , causing a polluted attribute to be copied into every object in the program and potentially leading to denial of service (...

9.1CVSS8.8AI score0.01827EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder