Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-2258

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01884EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/15 4:39 p.m.15 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-21189 DESCRIPTION: Node.js dexie module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the Dexie.setByKeyPathobj, keyPath,...

9.8CVSS8.7AI score0.01884EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2022/05/05 4:48 p.m.21 views

Prototype Pollution

dexie is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype via the Dexie.setByKeyPath function, which does not properly check whether the keys have been set like proto or constructor, leading to prototype pollution vulnerability...

9.8CVSS3.9AI score0.01884EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/03 12:0 a.m.6 views

@alma3lol/react-mvvm (>=1.0.0 <=1.3.0), @alveo-vl/jsalveo (=0.1.0) +280 more potentially affected by CVE-2022-21189 via dexie (>=1.3.6 <=3.2.1)

dexie NPM version =1.3.6, =1.0.0, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.5.1, =0.1.29-alpha.0, =0.0.1, =0.8.7, =0.9.14, =0.9.21, =0.9.14, =0.5.1, =1.0.0 and more Source cves: CVE-2022-21189 Source advisory: OSV:GHSA-3XGX-R9J4-QW9W...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/03 12:0 a.m.5 views

@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)

dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: OSV:GHSA-3XGX-R9J4-QW9W...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/03 12:0 a.m.29 views

Prototype Pollution in Dexie

Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This c...

9.8CVSS3AI score0.01884EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/05/03 12:0 a.m.2 views

GHSA-3XGX-R9J4-QW9W Prototype Pollution in Dexie

Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This c...

7.3CVSS7.2AI score0.01884EPSS
Exploits1References6
NVD
NVD
added 2022/05/01 4:15 p.m.20 views

CVE-2022-21189

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...

9.8CVSS0.01884EPSS
Exploits1References4
OSV
OSV
added 2022/05/01 4:15 p.m.19 views

CVE-2022-21189

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...

9.8CVSS6.7AI score
Exploits0References4
Prion
Prion
added 2022/05/01 4:15 p.m.11 views

Design/Logic Flaw

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...

7.5CVSS9.3AI score0.01884EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/05/01 3:25 p.m.15 views

CVE-2022-21189 Prototype Pollution

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...

7.3CVSS9.6AI score0.01884EPSS
Exploits1References4
CVE
CVE
added 2022/05/01 3:25 p.m.75 views

CVE-2022-21189

CVE-2022-21189 affects Dexie.js: prototype pollution in Dexie.setByKeyPath(obj, keyPath, value) allows adding/modifying properties on Object.prototype. Affected: Dexie.js

9.8CVSS8.3AI score0.01884EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/05/01 12:0 a.m.8 views

Dexie 安全漏洞

Dexie is a wrapper library for indexedDB a standard database in the browser that provides a clean database API. A security vulnerability exists in Dexie versions prior to 3.2.2, 4.0.0-alpha.1 through 4.0.0-alpha.3, which can be exploited by an attacker to cause a Denial of Service DoS attack...

9.8CVSS8.2AI score0.01884EPSS
Exploits1References5
Snyk
Snyk
added 2022/04/11 2:29 p.m.2 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties of the Object.prototype leading to...

9.8CVSS9AI score0.01884EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/04/11 2:29 p.m.4 views

@amedia/user (>=0.1.0 <=0.3.2), @aztec/alpha-sdk (=2.2.0) +61 more potentially affected by CVE-2022-21189 via dexie (>=3.0.0-rc.3 <=3.0.3)

dexie NPM version =3.0.0-rc.3, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.0.1-beta.1, =0.2.20, =0.14.37, =1.0.0, =2.2.0-alpha.3, =0.5.7, =0.5.7, =0.0.3, =0.0.3, =0.0.3, =0.0.6 and more Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/04/11 2:29 p.m.5 views

@mdn/yari (>=0.14.3 <=0.14.14), @thomasrandolph/taproot (=0.48.3) +7 more potentially affected by CVE-2022-21189 via dexie (>=3.1.0-beta.12 <=3.2.1)

dexie NPM version =3.1.0-beta.12, =0.14.3, =1.293.0, =1.3.0-shadowmanager.3, =0.0.181, =1.0.4, =0.1.0, =0.1.0, =0.1.1, =0.1.8 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/04/11 2:29 p.m.6 views

@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)

dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...

9.8CVSS7.2AI score0.01884EPSS
Exploits1
Rows per page
Query Builder