5 matches found
EUVD-2021-0994
Malware in sbrugna...
@asephermann/capacitor-filechooser (=0.0.1), @jewel998/mock-location (>=0.0.9 <=0.0.10) +53 more potentially affected by CVE-2021-28860 via mixme (>=0.0.1 <=0.4.0)
mixme NPM version =0.0.1, =0.0.9, =1.0.1, =0.0.1, =0.9.3, =0.0.1-alpha.1, =0.9.7, =0.8.1, =0.0.1, =0.2.1, =0.0.2, =0.0.2-alpha.1 and more Source cves: CVE-2021-28860 Source advisory: OSV:GHSA-R5CQ-9537-9RPF...
CVE-2021-29491
The CVE-2021-29491 entry concerns the mixme package for Node.js. Affected version: 0.5.0 (and earlier) allows an attacker to add or alter object properties via proto /proto in mutate/merge, enabling prototype pollution and potential DoS. The issue is fixed in version 0.5.1; upgrading to 0.5.1 or ...
CVE-2021-28860
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via 'proto' through the mutate and merge functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential...
CVE-2021-28860
The data shows a prototype pollution flaw in Node.js mixme prior to version 0.5.1. Through mutate() and merge(), an attacker can set or alter properties on objects via proto , causing a polluted attribute to be copied into every object in the program and potentially leading to denial of service (...