2 matches found
@diningcity/capacitor-qr-scanner (>=0.0.7 <=0.0.8), @mojitonft/hooks (=1.0.1-alpha.4) +93 more potentially affected by CVE-2025-26278 via dref (=0.0.6)
dref NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on dref and may be impacted: - @diningcity/capacitor-qr-scanner =0.0.7, =1.7.0, =0.0.1, =11.1.1, =3.3.3, =0.0.0-beta, =0.0.2, =1.0.2, =0.0.40, =0.0.2, =0.0.1, =0.0.1, =0.1.0, =0.1.19...
GHSA-76G8-235F-GJ6P dref is vulnerable to prototype pollution
A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service DoS via supplying a crafted payload...