Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0571

Malware in sbrugna...

9.8CVSS9.3AI score0.01894EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 6:18 p.m.7 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8CVSS6.8AI score0.01894EPSS
Exploits0References1
Node.js
Node.js
added 2021/02/22 5:14 p.m.47 views

Prototype Pollution

Overview In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...

7.5CVSS4.1AI score0.01894EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2021/02/09 6:39 a.m.14 views

Prototype Pollution

dynamoose is vulnerable to prototype pollution. The vulnerability exists through lib/utils/object/set.ts where an attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

9.8CVSS3.5AI score0.01894EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/02/08 6:15 p.m.21 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8CVSS0.01894EPSS
Exploits0References4
OSV
OSV
added 2021/02/08 6:15 p.m.14 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8CVSS9.4AI score
Exploits0References4
Prion
Prion
added 2021/02/08 6:15 p.m.12 views

Design/Logic Flaw

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

7.5CVSS9.4AI score0.01894EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2021/02/08 5:44 p.m.6 views

fintalk-pkg (>=2.3.20 <=2.3.22) potentially affected by CVE-2021-21304 via dynamoose (=2.3.0)

dynamoose NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on dynamoose and may be impacted: - fintalk-pkg =2.3.20, =2.3.22 Source cves: CVE-2021-21304 Source advisory: OSV:GHSA-RRQM-P222-8PH2...

9.8CVSS7.2AI score0.01894EPSS
Exploits0
OSV
OSV
added 2021/02/08 5:44 p.m.44 views

GHSA-RRQM-P222-8PH2 Prototype Pollution in Dynamoose

Impact In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...

7.2CVSS9.5AI score0.01894EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/02/08 5:44 p.m.57 views

Prototype Pollution in Dynamoose

Impact In Dynamoose versions 2.0.0-2.6.0 there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being...

9.8CVSS1.3AI score0.01894EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2021/02/08 5:40 p.m.77 views

CVE-2021-21304

CVE-2021-21304 describes a prototype pollution vulnerability in Dynamoose, located in the internal utility method lib/utils/object/set.ts . Affected are Dynamoose versions from 2.0.0 up to 2.6.x (and v2.x beta/alpha). The vulnerability was fixed in 2.7.0 . There is no evidence of exploitation rep...

9.8CVSS8.2AI score0.01894EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/02/08 5:40 p.m.20 views

CVE-2021-21304 Prototype Pollution in Dynamoose

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

7.2CVSS9.7AI score0.01894EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/08 12:0 a.m.11 views

Fishcharlie Amazon Dynamoose Security Breach

Fishcharlie Amazon Dynamoose is a modeling tool from the Fishcharlie organization in the United States. A modeling tool for Amazon DynamoDB is provided. Fishcharlie Amazon Dynamoose has a security vulnerability in versions prior to 2.0.0 and 2.7.0 that stems from a prototype contamination...

9.8CVSS7.3AI score0.01894EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/02/08 12:0 a.m.8 views

PT-2021-14403 · Dynamoose · Dynamoose

Name of the Vulnerable Software and Affected Versions: Dynamoose versions 2.0.0 through 2.6.0 Description: Dynamoose is an open-source modeling tool for Amazon's DynamoDB. A prototype pollution vulnerability was found in the internal utility method lib/utils/object/set.ts, which is used throughou...

9.8CVSS9.4AI score0.01894EPSS
Exploits0References10
Rows per page
Query Builder