12 matches found
EUVD-2022-5576
Malicious code in bioql PyPI...
CVE-2020-28276
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
@dataparty/bouncer-model (>=1.0.1 <=1.4.0), @dataparty/dpc (>=0.1.0 <=0.4.14) +8 more potentially affected by CVE-2020-28276 via deep-set (=1.0.1)
deep-set NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-set and may be impacted: - @dataparty/bouncer-model =1.0.1, =0.1.0, =0.1.1, =1.0.1, =0.1.0, =0.0.1, =2.2.0 - stalwart =0.1.0 Source cves: CVE-2020-28276 Source advisory:...
Prototype pollution vulnerability in 'deep-set'
The NPM module 'deep-set' can be abused through a Prototype Pollution vulnerability, since the function deepSet does not check the type of the object before assigning a value to the property. Due to this flaw an attacker could create a non-existent property or manipulate the property which leads to...
GHSA-WGXM-RG53-H2C6 Prototype pollution vulnerability in 'deep-set'
The NPM module 'deep-set' can be abused through a Prototype Pollution vulnerability, since the function deepSet does not check the type of the object before assigning a value to the property. Due to this flaw an attacker could create a non-existent property or manipulate the property which leads to...
Prototype Pollution
deep-set is vulnerable to prototype pollution. The vulnerability exists through the lack of sanitization of proto header values...
CVE-2020-28276
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28276
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28276
CVE-2020-28276 concerns the npm package deep-set, with vulnerable versions 1.0.0–1.0.1. The root cause is a prototype pollution flaw where the function deepSet() may assign to proto without validating object types, enabling an attacker to manipulate properties and potentially cause Denial of Ser...
CVE-2020-28276
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
Klaemo Deep Set Security Vulnerability
Klaemo Deep Set is a codebase from the individual developers of Klaemo, based on the JavaScript language, that can assign values to objects of dictionary type. A security vulnerability exists in deep-set versions 1.0.0 through 1.0.1, which can be exploited by an attacker to cause a denial of servic...