14 matches found
EUVD-2021-0571
Malware in sbrugna...
CVE-2021-21304
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...
Prototype Pollution
Overview In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...
Prototype Pollution
dynamoose is vulnerable to prototype pollution. The vulnerability exists through lib/utils/object/set.ts where an attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
CVE-2021-21304
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...
CVE-2021-21304
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...
Design/Logic Flaw
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...
fintalk-pkg (>=2.3.20 <=2.3.22) potentially affected by CVE-2021-21304 via dynamoose (=2.3.0)
dynamoose NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on dynamoose and may be impacted: - fintalk-pkg =2.3.20, =2.3.22 Source cves: CVE-2021-21304 Source advisory: OSV:GHSA-RRQM-P222-8PH2...
Prototype Pollution in Dynamoose
Impact In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...
GHSA-RRQM-P222-8PH2 Prototype Pollution in Dynamoose
Impact In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...
CVE-2021-21304 Prototype Pollution in Dynamoose
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...
CVE-2021-21304
CVE-2021-21304 describes a prototype pollution vulnerability in Dynamoose, located in the internal utility method lib/utils/object/set.ts . Affected are Dynamoose versions from 2.0.0 up to 2.6.x (and v2.x beta/alpha). The vulnerability was fixed in 2.7.0 . There is no evidence of exploitation rep...
Fishcharlie Amazon Dynamoose Security Breach
Fishcharlie Amazon Dynamoose is a modeling tool from the Fishcharlie organization in the United States. A modeling tool for Amazon DynamoDB is provided. Fishcharlie Amazon Dynamoose has a security vulnerability in versions prior to 2.0.0 and 2.7.0 that stems from a prototype contamination...
PT-2021-14403 · Dynamoose · Dynamoose
Name of the Vulnerable Software and Affected Versions: Dynamoose versions 2.0.0 through 2.6.0 Description: Dynamoose is an open-source modeling tool for Amazon's DynamoDB. A prototype pollution vulnerability was found in the internal utility method lib/utils/object/set.ts, which is used throughou...