623 matches found
Node.js third-party modules: [extend-merge] Prototype pollution
I would like to report a prototype pollution vulnerability in extend-merge module. It allows an attacker to inject properties on Object.prototype. Module module name: extend-merge version: 1.0.5 npm page: https://www.npmjs.com/package/extend-merge Module Description Shallow extend and deep merge...
npm package utils-extend input validation error vulnerability
npm package utils-extend is a lightweight package for extending Node.js utilities. An input validation error vulnerability exists in npm package utils-extend 1.0.8 and earlier versions. A remote attacker can exploit this vulnerability to execute code or cause a denial of service...
Prototype Pollution
Overview All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
CVE-2020-8147
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...
CVE-2020-8147
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...
Input validation
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...
CVE-2020-8147
CVE-2020-8147 affects the npm package utils-extend (version 1.0.8 and earlier). The underlying issue is a prototype pollution flaw in the extend function, allowing an attacker to modify a base Object’s prototype, with potential consequences including remote code execution or denial of service as ...
Prototype Pollution
utils-extend is vulnerable to prototype pollution. An attacker is able to modify the prototype of a base object and potentially execute arbitrary code...
1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2020-8147 +1 more via utils-extend (=1.0.8)
utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...
Prototype Pollution
Overview utils-extend is a package to extend nodejs util api. Affected versions of this package are vulnerable to Prototype Pollution. The extend method within utils-extend can be tricked into adding or modifying properties of Object.prototype Note: CVE-2024-57077 is a duplicate of this...
Node.js third-party modules: [utils-extend] Prototype pollution
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report prototype poluti...
Net-SNMPd Write Access SNMP-EXTEND-MIB arbitrary code execution (authenticated)
Targets running Net-SNMPd may be vulnerable to remote code execution. If the service user has R/W access and the attacker knows the SNMP community string value, then the attacker can manipulate the target’s SNMP extension MIBs SNMP-EXTEND-MIB to enable and achieve remote code execution on the...
Nextcloud Server Improper Access Control Checking Vulnerability (CNVD-2020-05120)
Nextcloud is a client-server software suite for creating network hard disks. An improper share expiration date access control checking vulnerability exists in Nextcloud Server 14.0.3. A recipient could exploit the vulnerability to extend the expiration date of a share that it receives...
The vulnerability of the jQuery.extend function (true, {}, …) in the jQuery library allows a attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the jQuery.extend function exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...
Prototype Pollution
Overview Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're...