Exploit for Prototype Pollution in Typeorm

CVE-2020-8158: TypeORM Prototype Pollution Vulnerability O...

the function deepFromFlat of underscore.deep is vulnerable to prototype pollution

Prototype Pollution in Clever/underscore.deep Reported on Feb 2nd 2022 | Timothee Desurmont Description Vulnerability type: CWE-1321 Version 0.5.1 of underscore.deep is vulnerable to prototype pollution; the function deepFromFlat in underscore.deep.js do not check if the attribute resolves to the...

Node.js: Prototype pollution via console.table properties

Summary: Attacker control of the second properties parameter of console.table may lead to prototype pollution. Description: Due to the formatting logic of the console.table function it is not safe to allow user controlled input to be passed to the properties parameter while simultaneously passing...

Improperly Controlled Modification of Object Prototype Attributes

Impact The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Patches [email protected] patched it, anyone used think-config should...