Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:14 a.m.27 views

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS6.7AI score0.00643EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2022/11/04 12:0 p.m.5 views

@backland/accounts (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0), @backland/entity (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0) +29 more potentially affected by CVE-2022-41713 via deep-object-diff (=1.1.7)

deep-object-diff NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on deep-object-diff and may be impacted: - @backland/accounts =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0,...

5.3CVSS6AI score0.00643EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.6 views

CVE-2022-41713 deep-object-diff 1.1.0 - Prototype Pollution

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3AI score0.00643EPSS
Exploits1References2
CVE
CVE
added 2022/11/03 12:0 a.m.67 views

CVE-2022-41713

CVE-2022-41713 affects the Node.js library deep-object-diff version 1.1.0, where improper validation of incoming JSON keys allows prototype pollution via the proto property. The available connected documents confirm the root cause as a prototype pollution weakness in deep-object-diff 1.1.0 and re...

5.3CVSS5.1AI score0.00643EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder