GHSA-VJ72-MWRJ-M2XQ Prototype Pollution in deepmergefn

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

CVE-2021-23417

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

CVE-2021-23417

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function...

deepmergefn 安全漏洞

deepmergefn is an application. A deepmergefn mixes two data objects. deepmergefn suffers from a security vulnerability that stems from vulnerability to prototype contamination via the deepMerge function, which can be exploited by attackers to cause remote code execution...

Prototype Pollution

Overview deepmergefn is a Mixes two data objects in depth Affected versions of this package are vulnerable to Prototype Pollution via deepMerge function. PoC const deepMerge = require"deepmergefn"; EVILDATA = JSON.parse'"proto":"polluted":true'; deepMerge, EVILDATA; console.logpolluted; Details...

Prototype Pollution in gammautils

All versions of package gammautils up to and including version 0.0.81 are vulnerable to Prototype Pollution via the deepSet and deepMerge functions...

GHSA-PGMG-GF5P-54J8 Prototype Pollution in gammautils

All versions of package gammautils up to and including version 0.0.81 are vulnerable to Prototype Pollution via the deepSet and deepMerge functions...

Prototype Pollution

gammautils is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the proto header to be set through the deepSet and deepMerge functions...

CVE-2020-7718

All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions...

CVE-2020-7718

CVE-2020-7718 affects the gammautils package. The connected sources confirm a Prototype Pollution vulnerability in gammautils through deepSet and deepMerge, impacting versions prior to 0.0.82 (listed as vulnerable up to 0.0.81 in GHSA/OSV/Veracode entries and PT-2020-19740). The vulnerability can...

CVE-2020-7718 Prototype Pollution

All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions...

PT-2020-19740 · Unknown · Gammautils

Name of the Vulnerable Software and Affected Versions: gammautils versions prior to 0.0.82 Description: The issue concerns Prototype Pollution via the deepSet and deepMerge functions. Recommendations: For versions prior to 0.0.82, update to version 0.0.82 or later to resolve the issue...

Prototype Pollution

Overview gammautils is a Lots of utilities for Node.js Affected versions of this package are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. POC: const gammautils = require'gammautils'; var payload = JSON.parse'""proto"":""polluted"":true'; gammautils.object.deepSet,...

Prototype Pollution

Overview @fluentui/styles is a set of styling utilities for CSS-in-JS. Affected versions of this package are vulnerable to Prototype Pollution. The deepmerge function available within the styles package of FluentUI allows one object to merge with another recursively. Given a value such as proto,...

Prototype Pollution in @apollo/gateway

Versions of @apollo/gateway prior to 0.6.2 are vulnerable to Prototype Pollution. The package uses deepMerge to merge objects, which may allow attackers to alter the Object prototype through queries with GraphQL aliases. Carefully constructed payloads can override properties of all objects in the...

Prototype Pollution

Overview Versions of @apollo/gateway prior to 0.6.2 are vulnerable to Prototype Pollution. The package uses deepMerge to merge objects, which may allow attackers to alter the Object prototype through queries with GraphQL aliases. Carefully constructed payloads can override properties of all objec...