Lucene search
K

7 matches found

vulnersOsv
vulnersOsv
added 2022/05/03 12:0 a.m.5 views

@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)

dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: OSV:GHSA-3XGX-R9J4-QW9W...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/03 12:0 a.m.6 views

@alma3lol/react-mvvm (>=1.0.0 <=1.3.0), @alveo-vl/jsalveo (=0.1.0) +280 more potentially affected by CVE-2022-21189 via dexie (>=1.3.6 <=3.2.1)

dexie NPM version =1.3.6, =1.0.0, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.5.1, =0.1.29-alpha.0, =0.0.1, =0.8.7, =0.9.14, =0.9.21, =0.9.14, =0.5.1, =1.0.0 and more Source cves: CVE-2022-21189 Source advisory: OSV:GHSA-3XGX-R9J4-QW9W...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
Cvelist
Cvelist
added 2022/05/01 3:25 p.m.17 views

CVE-2022-21189 Prototype Pollution

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...

7.3CVSS9.6AI score0.01884EPSS
Exploits1References4
CVE
CVE
added 2022/05/01 3:25 p.m.76 views

CVE-2022-21189

CVE-2022-21189 affects Dexie.js: prototype pollution in Dexie.setByKeyPath(obj, keyPath, value) allows adding/modifying properties on Object.prototype. Affected: Dexie.js

9.8CVSS8.3AI score0.01884EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/04/11 2:29 p.m.6 views

@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)

dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/04/11 2:29 p.m.5 views

@mdn/yari (>=0.14.3 <=0.14.14), @thomasrandolph/taproot (=0.48.3) +7 more potentially affected by CVE-2022-21189 via dexie (>=3.1.0-beta.12 <=3.2.1)

dexie NPM version =3.1.0-beta.12, =0.14.3, =1.293.0, =1.3.0-shadowmanager.3, =0.0.181, =1.0.4, =0.1.0, =0.1.0, =0.1.1, =0.1.8 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/04/11 2:29 p.m.4 views

@amedia/user (>=0.1.0 <=0.3.2), @aztec/alpha-sdk (=2.2.0) +61 more potentially affected by CVE-2022-21189 via dexie (>=3.0.0-rc.3 <=3.0.3)

dexie NPM version =3.0.0-rc.3, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.0.1-beta.1, =0.2.20, =0.14.37, =1.0.0, =2.2.0-alpha.3, =0.5.7, =0.5.7, =0.0.3, =0.0.3, =0.0.3, =0.0.6 and more Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
Rows per page
Query Builder