Prototype Pollution
Overview: pace-js automatically adds a progress bar to your site. Affected versions of this package are vulnerable to Prototype Pollution via the extend function, which recursively copies key-value pairs from the source object without properly validating property names. An attacker can exploi...
AZL-49818 CVE-2024-46808 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range [Why & How] ASSERT if return NULL from kcalloc...
UBUNTU-CVE-2024-46808
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range [Why & How] ASSERT if return NULL from kcalloc...
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Prototype Pollution
chartist is vulnerable to Prototype Pollution. The extend function in Chartist lacks validation to prevent its arguments from modifying the object prototype, which allows an attacker to inject malicious object properties using the __proto__ property, which recursively affects a...
CVE-2024-45435
CVE-2024-45435 affects Chartist 1.x–1.3.0, due to a lack of validation in the extend function that enables prototype pollution. This can allow an attacker to modify the Object prototype via __proto__, impacting all objects in the application (reported CVSS v3.1 base score 9.8, critical, with network...
CVE-2024-45435
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function...
PT-2024-31628 · Chartist · Chartist
Name of the Vulnerable Software and Affected Versions: Chartist versions 1.x through 1.3.0 Description: The issue allows Prototype Pollution via the extend function. This can potentially lead to security risks, as it may enable attackers to manipulate the prototype chain of objects, affecting the...
PT-2024-40842 · Git +1 · Hdf5
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions, including H5SL search, H5FS sect remove real, and H5FS...
ShopXO Code Issues Vulnerabilities
ShopXO is an open source enterprise-level e-commerce system from ShopXO Inc. A code issue exists in ShopXO version 6.1.0 and earlier versions, which is caused by a server-side request forgery vulnerability in the source parameter of the extend/base/Uploader.php file...
@amoy/common v was discovered to contain a prototype pollution via the function extend
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-38994
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
amoy common Security Vulnerabilities
amoy common is an open source library from amoyjs. A security vulnerability exists in amoy common v1.0.10, which stems from prototype pollution via the function extend that allows an attacker to execute arbitrary code or cause a denial of service (DoS) by injecting arbitrary properties...
CVE-2024-39013
2o3t-utility v0.1.2 is vulnerable to prototype pollution via the extend function. The issue allows attackers to inject arbitrary properties, enabling arbitrary code execution or Denial of Service (DoS). CVSS 3.1 base score is 9.8 (CRITICAL) with network attack vector, no authentication, and high ...
PT-2024-28323 · Unknown · 2O3T-Utility
Name of the Vulnerable Software and Affected Versions: 2o3t-utility version 0.1.2 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties using the extend function, which is affected by prototype pollution...
2o3t-Utility Security Vulnerabilities
2o3t-Utility is a simple Node.js basic tool library open-sourced by 2o3t. A security vulnerability exists in version v0.1.2 of 2o3t-Utility, which stems from prototype pollution via the function extend, allowing an attacker to execute arbitrary code or cause a denial of service D...
Exploit for CVE-2024-37791
CVE-2024-37791 CVE-2024-37791 Project URL: Preparation: Log in to the admin backend - obtain co...
Prototype Pollution
@alexbinary/object-deep-assign is vulnerable to Prototype Pollution. The vulnerability is due to the lack of prototype checks in the extend function within index.js. Attackers can exploit this method to copy malicious properties to the built-in Object.prototype through special properties like pro...
GHSA-4XG3-7W7Q-856Q object-deep-assign Prototype Pollution
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign (/src/index.js)...