14 matches found
EUVD-2022-5777
Malicious code in bioql PyPI...
Improper Input Validation in Deap
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
ask (>=1.1.0 <=1.5.0), bid (>=0.1.0 <=1.0.0) +15 more potentially affected by CVE-2018-3749 via deap (>=0.1.2 <=0.2.2)
deap NPM version =0.1.2, =1.1.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0, =0.0.4, =0.1.0, =0.1.0, =0.6.0, =0.3.0, =0.4.0, =0.4.0, =0.4.0, =0.1.0, =0.2.0 and more Source cves: CVE-2018-3749 Source advisory: OSV:GHSA-XG47-R67P-VHV5...
GHSA-XG47-R67P-VHV5 Improper Input Validation in Deap
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
GHSA-XRMP-99WJ-P6JC Prototype Pollution in deap
Versions of deap before 1.0.1 are vulnerable to prototype pollution. Recommendation: Update to version 1.0.1 or later...
ask (>=1.1.0 <=1.5.0), bid (>=0.1.0 <=1.0.0) +15 more potentially affected by unknown CVE via deap (>=0.1.2 <=0.2.2)
deap NPM version =0.1.2, =1.1.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0, =0.0.4, =0.1.0, =0.1.0, =0.6.0, =0.3.0, =0.4.0, =0.4.0, =0.4.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XRMP-99WJ-P6JC...
Prototype Pollution in deap
Versions of deap before 1.0.1 are vulnerable to prototype pollution. Recommendation: Update to version 1.0.1 or later...
CVE-2018-3749
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
CVE-2018-3749
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
CVE-2018-3749
CVE-2018-3749 affects the deap Node.js module: the utilities function can be abused to perform prototype pollution by modifying Object’s prototype when an attacker controls part of the input structure. This affects all versions
CVE-2018-3749
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
Prototype Pollution
Overview: Versions of deap before 1.0.1 are vulnerable to prototype pollution. Recommendation: Update to version 1.0.1 or later. References: HackerOne Report, GitHub Advisory...
Prototype Pollution
deap is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function, where the prototype of Object can be overwritten to add or modify existing properties on all objects...
Node.js third-party modules: Prototype pollution attack (deap)
As discussed in 309391, here's the separate report for each of the libraries. This one is the information for the deap library. Module: deap. Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker controls part of the structure...