GHSA-WF6X-7X77-MVGW Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

EUVD-2019-0617

Malware in sbrugna...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:ag-grid-community is a fully-featured and highly customizable JavaScript data grid. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep function. An attacker can execute...

GHSA-MJJJ-6P43-VHHV Prototype Pollution in deep-get-set

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715...

Prototype Pollution

Overview deep-get-set is a Set and get values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715 POC: js let deep = require'deep-get-set';...

Prototype Pollution in smart-extend

All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...

GHSA-F8H3-RQRM-47V9 Prototype Pollution in smart-extend

All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...

Node.js third-party modules: Prototype pollution attack (smart-extend)

Hi team, I would like to report a prototype pollution vulnerability in smart-extend that allows an attacker to inject properties on Object.prototype. Module module name: smart-extend version: 1.7.3 npm page: https://www.npmjs.com/package/smart-extend Module Description smart-extend is an extensio...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to CVE-2018-3721. Details Prototype Pollution is a...