38 matches found

Prion
added 2021/12/24 8:15 p.m., 16 views

Design/Logic Flaw

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...

CVSS 7.5, AI score 9.4, EPSS 0.02099
Exploits: 2, References: 6, Affected Software: 1

CVE
added 2021/12/24 8:0 p.m., 74 views

CVE-2021-23574

The CVE-2021-23574 entry covers a Prototype Pollution vulnerability in the js-data package triggered via deepFillIn and set, with root cause in object contamination and an impact profile of high severity. Connected documents corroborate this as a js-data issue and note the pollution affects all v...

CVSS 9.8, AI score 8.6, EPSS 0.02099
Exploits: 1, References: 6, Affected Software: 1

CNNVD
added 2021/12/24 12:0 a.m., 3 views

js-data Security Vulnerability

js-data is a framework-agnostic, datastore-agnostic ORM for Node.js and browsers. A security vulnerability exists in js-data that stems from packages being susceptible to prototype contamination via the deepFillIn and set functions...

CVSS 9.8, AI score 8.3, EPSS 0.02099
Exploits: 1, References: 7

Snyk
added 2021/09/13 9:47 a.m., 2 views

Prototype Pollution

Overview: js-data is a robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC: 1 var jsdata = require'js-data'; var obj = ; var payload =...

CVSS 9.8, AI score 9, EPSS 0.02099
Exploits: 2, References: 2

OSV
added 2020/12/15 8:15 a.m., 3 views

CVE-2020-28442

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

CVSS 9.8, AI score 7.3, EPSS 0.01959
Exploits: 1, References: 4

NVD
added 2020/12/15 8:15 a.m., 24 views

CVE-2020-28442

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

CVSS 9.8, AI score 8.6, EPSS 0.01959
Exploits: 1, References: 4

Prion
added 2020/12/15 8:15 a.m., 14 views

Code injection

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

CVSS 7.5, AI score 9.4, EPSS 0.01959
Exploits: 1, References: 4

Cvelist
added 2020/12/15 7:25 a.m., 38 views

CVE-2020-28442 Prototype Pollution

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

CVSS 7.5, AI score 8.6, EPSS 0.01959
Exploits: 1, References: 4

CNNVD
added 2020/12/15 12:0 a.m., 4 views

Js-data Security Vulnerabilities

Js-data is a JavaScript-based ORM framework from the Js-data team for interacting with multiple data sources. The software supports Firebase, MySql, RethinkDB, MongoDB, localStorage, Redis and other data sources. A security vulnerability exists in all versions of js-data, which stems from the...

CVSS 9.8, AI score 7.3, EPSS 0.01959
Exploits: 1, References: 5

Veracode
added 2020/12/14 6:8 a.m., 15 views

Prototype Pollution

mout is vulnerable to prototype pollution. An attacker is able to fill missing properties recursively via deepFillIn and mix objects into the target object, including its existing child objects, recursively using deepMixIn, as those functions do not validate the key used to access the target object recursively...

CVSS 7.5, AI score 5.6, EPSS 0.02119
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2020/12/11 11:15 a.m., 3 views

CVE-2020-7792

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursive...

CVSS 7.5, AI score 7.1, EPSS 0.02119
Exploits: 1, References: 5

NVD
added 2020/12/11 11:15 a.m., 21 views

CVE-2020-7792

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursive...

CVSS 7.5, AI score 7.4, EPSS 0.02119
Exploits: 1, References: 5

Prion
added 2020/12/11 11:15 a.m., 16 views

Design/Logic Flaw

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursive...

CVSS 7.5, AI score 7.4, EPSS 0.02119
Exploits: 1, References: 5

CVE
added 2020/12/11 11:5 a.m., 57 views

CVE-2020-7792

The CVE-2020-7792 entry applies to the mout package where the deepFillIn and deepMixIn functions perform recursive operations without properly checking the target property key. This enables Prototype Pollution across all versions of mout and can affect Object.prototype when exploited via recursiv...

CVSS 7.5, AI score 7.3, EPSS 0.02119
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2020/12/11 11:5 a.m., 39 views

CVE-2020-7792 Prototype Pollution

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursive...

CVSS 7.5, AI score 7.4, EPSS 0.02119
Exploits: 1, References: 5

CNNVD
added 2020/12/11 12:0 a.m., 4 views

Mout deepFillIn Code Issue Vulnerability

Mout is a Javascript-based code library from the Mout team that provides modular support for JS programming. Mout suffers from a security vulnerability that stems from the fact that the deepFillIn function can be used to "recursively fill in missing attributes" while deepMixIn "mixes objects into...

CVSS 7.5, AI score 7.2, EPSS 0.02119
Exploits: 1, References: 6

Snyk
added 2020/10/29 3:0 p.m., 1 view

Prototype Pollution

Overview: js-data is a robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepMixIn and deepFillIn functions. PoC: const utils = require"js-data"; const obj = ; const source = JSON.parse'"proto":"polluted":"yes"';...

CVSS 9.8, AI score 9, EPSS 0.01959
Exploits: 1, References: 2

Snyk
added 2020/09/30 3:6 p.m., 4 views

Prototype Pollution

Overview: mout is a Modular Utilities package. Affected versions of this package are vulnerable to Prototype Pollution. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'...

CVSS 7.5, AI score 8, EPSS 0.02119
Exploits: 1, References: 2