30 matches found
EUVD-2020-0554
Malware in sbrugna...
Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...
Rocky Linux 8 : nodejs:12 (RLSA-2020:4272)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4272 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...
SUSE CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5086)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5086 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs10-nodejs (RHSA-2021:0521)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0521 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
RHEL 8 : nodejs:10 (RHSA-2021:0548)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
Prototype Pollution in alexandervu/dot-prop-opt
Description dot-prop-opt is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'dot-prop-opt' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: ' + .polluted 2. Execute the following commands...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
Prototype Pollution
ts-dot-prop is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
RHEL 8 : nodejs:12 (RHSA-2020:4272)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4272 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Node.js third-party modules: [ts-dot-prop] Prototype Pollution
I would like to report a Prototype Pollution vulnerability in ts-dot-prop. It allows an attacker to inject properties on Object.prototype. Module module name: ts-dot-prop version: 1.4.0 npm page: https://www.npmjs.com/package/ts-dot-prop Module Description TypeScript utility to transform nested...
dot-prop Prototype Pollution vulnerability
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
GHSA-FF7X-QRG7-QGGM dot-prop Prototype Pollution vulnerability
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
DEBIAN-CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...