vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It runs untrusted code using built-in Node modules listed in the allowlist. In versions 3.9.6 to 3.10.5 of vm2, there was a code injection vulnerability. This vulnerability stemmed from a bridgi...

EUVD-2025-205451

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

PT-2025-53598

Name of the Vulnerable Software and Affected Versions apidoc-core versions 0.2.0 and subsequent versions Description A prototype pollution issue exists in apidoc-core. This allows remote attackers to modify JavaScript object prototypes through malformed data structures, specifically the “define”...

OSV-2025-879 Use-of-uninitialized-value in JS_DefineProperty

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=457858149 Crash type: Use-of-uninitialized-value Crash state: JSDefineProperty buildbacktrace JSCallInternal...

OSV-2025-835 Heap-use-after-free in JS_DefineProperty

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451334094 Crash type: Heap-use-after-free READ 8 Crash state: JSDefineProperty buildbacktrace JSCallInternal...

OSV-2025-824 Use-of-uninitialized-value in JS_DefineProperty

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=449772271 Crash type: Use-of-uninitialized-value Crash state: JSDefineProperty buildbacktrace JSCallInternal...

OSV-2025-515 Use-of-uninitialized-value in JS_DefineProperty

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428754593 Crash type: Use-of-uninitialized-value Crash state: JSDefineProperty buildbacktrace JSCallInternal...

Prototype Pollution

Overview utilities is an A classic collection of JavaScript utilities Affected versions of this package are vulnerable to Prototype Pollution via the mix function. PoC javascript var utilities = require"utilities" badobjects= test:"123" console.log"Before:"+.test...

GHSA-9PCF-H8Q9-63F6 Sandbox Breakout / Arbitrary Code Execution in safe-eval

All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code. For example, the payload = const targetKey = Object.keysthis0; Object.definePropertythis,...

Prototype Pollution

Overview deeps is a Highly performant utilities to manage deeply nested objects. get, set, merge, flatten, diff etc. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const deeps = require'deeps'; deeps.set, 'proto.polluted', true;...

Google Chrome Extensions Subsystem Homology Policy Bypass Vulnerability

Google Chrome is a popular web browser. Google Chrome's Extensions subsystem fails to restrict the use of the Object.defineProperty method to rewrite build-in extension code, which can be exploited by remote attackers to bypass the same-origin policy using specially crafted JavaScript code...

chromium-browser: same-origin bypass in Extensions

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

Mozilla: top object and location property accessible by plugins (MFSA 2012-82)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...

Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object aka window.location, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via vectors involving a...

Mozilla: top object and location property accessible by plugins (MFSA 2012-82)

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...

Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object aka window.location, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via vectors involving a...