Lucene search
+L

623 matches found

Hacker One
Hacker One
added 2020/05/19 7:34 p.m.22 views

Node.js third-party modules: [extend-merge] Prototype pollution

I would like to report a prototype pollution vulnerability in extend-merge module. It allows an attacker to inject properties on Object.prototype. Module module name: extend-merge version: 1.0.5 npm page: https://www.npmjs.com/package/extend-merge Module Description Shallow extend and deep merge...

0.8AI score
Exploits0
CNVD
CNVD
added 2020/04/07 12:0 a.m.1 views

npm package utils-extend input validation error vulnerability

npm package utils-extend is a lightweight package for extending Node.js utilities. An input validation error vulnerability exists in npm package utils-extend 1.0.8 and earlier versions. A remote attacker can exploit this vulnerability to execute code or cause a denial of service...

9.8CVSS7.4AI score0.03149EPSS
Exploits1
Node.js
Node.js
added 2020/04/06 6:13 p.m.33 views

Prototype Pollution

Overview All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently...

7.5CVSS3.6AI score0.03149EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2020/04/06 9:2 a.m.6 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.4AI score0.87218EPSS
Exploits4References6
NVD
NVD
added 2020/04/03 9:15 p.m.31 views

CVE-2020-8147

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...

9.8CVSS9.7AI score0.03149EPSS
Exploits1References1
OSV
OSV
added 2020/04/03 9:15 p.m.5 views

CVE-2020-8147

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...

9.8CVSS6.3AI score0.03149EPSS
Exploits1References1
Prion
Prion
added 2020/04/03 9:15 p.m.11 views

Input validation

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend...

7.5CVSS9.7AI score0.03149EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/04/03 8:52 p.m.128 views

CVE-2020-8147

CVE-2020-8147 affects the npm package utils-extend (version 1.0.8 and earlier). The underlying issue is a prototype pollution flaw in the extend function, allowing an attacker to modify a base Object’s prototype, with potential consequences including remote code execution or denial of service as ...

9.8CVSS9.7AI score0.03149EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2020/04/03 9:59 a.m.22 views

Prototype Pollution

utils-extend is vulnerable to prototype pollution. An attacker is able to modify the prototype of a base object and potentially execute arbitrary code...

9.8CVSS5AI score0.03149EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/03/23 11:22 a.m.12 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +801 more potentially affected by CVE-2020-8147 +1 more via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

9.8CVSS7.2AI score0.03149EPSS
Exploits1
Snyk
Snyk
added 2020/03/23 11:22 a.m.4 views

Prototype Pollution

Overview utils-extend is a package to extend nodejs util api. Affected versions of this package are vulnerable to Prototype Pollution. The extend method within utils-extend can be tricked into adding or modifying properties of Object.prototype Note: CVE-2024-57077 is a duplicate of this...

9.8CVSS6.7AI score0.03149EPSS
Exploits1References2
Hacker One
Hacker One
added 2020/02/21 7:35 a.m.124 views

Node.js third-party modules: [utils-extend] Prototype pollution

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report prototype poluti...

7.5CVSS0.3AI score0.03149EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.9 views

Net-SNMPd Write Access SNMP-EXTEND-MIB arbitrary code execution (authenticated)

Targets running Net-SNMPd may be vulnerable to remote code execution. If the service user has R/W access and the attacker knows the SNMP community string value, then the attacker can manipulate the target’s SNMP extension MIBs SNMP-EXTEND-MIB to enable and achieve remote code execution on the...

4.4AI score
Exploits0References4
CNVD
CNVD
added 2020/02/11 12:0 a.m.4 views

Nextcloud Server Improper Access Control Checking Vulnerability (CNVD-2020-05120)

Nextcloud is a client-server software suite for creating network hard disks. An improper share expiration date access control checking vulnerability exists in Nextcloud Server 14.0.3. A recipient could exploit the vulnerability to extend the expiration date of a share that it receives...

4.3CVSS6.8AI score0.00684EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.6 views

The vulnerability of the jQuery.extend function (true, {}, …) in the jQuery library allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the jQuery.extend function exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...

6.1CVSS6.6AI score0.87218EPSS
Exploits4References14Affected Software17
RedHat Linux
RedHat Linux
added 2019/10/10 3:39 p.m.4 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2019/10/10 3:38 p.m.3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2019/09/05 5:26 a.m.9 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
OSV
OSV
added 2019/07/02 8:15 p.m.4 views

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

4.3CVSS6.1AI score0.00575EPSS
Exploits0References2
Node.js
Node.js
added 2019/06/19 12:18 a.m.17 views

Prototype Pollution

Overview Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're...

6.9AI score
Exploits0Affected Software1
Rows per page
Query Builder