13 matches found
CVE-2023-45827
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
Exploit for Prototype Pollution in Clickbar Dot-Diver
CVE-2023-45827 Vulnerability Overview - CVE-2023-45827 - CVSS: 9.8 -...
CVE-2023-45827
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
Design/Logic Flaw
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
CVE-2023-45827 Prototype Pollution vulnerability in @clickbar/dot-diver
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
CVE-2023-45827
CVE-2023-45827 affects the Dot diver library (@clickbar/dot-diver). The Red Hat and OSV/GHSA records confirm a Prototype Pollution vulnerability in the setByPath function, enabling potential remote code execution. Details from connected records show the issue occurs in versions prior to 1.0.2 due...
CVE-2023-45827 Prototype Pollution vulnerability in @clickbar/dot-diver
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
CVE-2023-45827 Prototype Pollution vulnerability in @clickbar/dot-diver
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
Prototype Pollution
@clickbar/dot-diver is vulnerable to Prototype Pollution. The vulnerability is due to the getByPath and setByPath functions in index.ts not properly validating the type of the object being passed. This allows an attacker to potentially modify attributes like __proto__, constructor, and prototype by...
Dot diver security breach
Dot diver is a lightweight, powerful and dependency-free TypeScript utility library that provides types and functions for working with object paths in the dot representation. A security vulnerability exists in Dot diver versions prior to 1.0.2. An attacker can exploit the vulnerability to remotel...
GHSA-9W5F-MW3P-PJ47 Prototype Pollution (PP) vulnerability in setByPath
Summary: There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE. Details (javascript): // https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277 // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access objectToSet[lastKey] = value In this code, there is ...
Prototype Pollution (PP) vulnerability in setByPath
Summary: There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE. Details (javascript): // https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277 // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access objectToSet[lastKey] = value In this code, there is ...
PT-2023-8584 · Dot-Diver · Dot-Diver
Name of the Vulnerable Software and Affected Versions: dot-diver versions prior to 1.0.2. Description: The issue is related to a Prototype Pollution vulnerability in the setByPath function, which can lead to remote code execution (RCE). This vulnerability allows an attacker to modify object...