10 matches found
CVE-2026-24888
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
Prototype Pollution
Overview makerjs is a Maker.js, a Microsoft Garage project, is a JavaScript library for creating and sharing modular line drawings for CNC and laser cutters. Affected versions of this package are vulnerable to Prototype Pollution via the extendObject function. An attacker can inject or overwrite...
CVE-2026-24888
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2026-24888
Maker.js (makerjs.extendObject) is vulnerable to unsafe property copying. The function iterates with for...in without hasOwnProperty() checks and fails to filter dangerous keys, enabling inherited or crafted properties (e.g., proto ) to be copied to targets. This prototype-pollution risk is docum...
CVE-2026-24888
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
CVE-2026-24888 Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
PT-2026-5230
Name of the Vulnerable Software and Affected Versions Maker.js versions up to and including 0.19.1 Description Maker.js is a 2D vector line drawing and shape modeling library for CNC and laser cutters. The makerjs.extendObject function copies properties from source objects without proper...
Maker.js security vulnerabilities
Maker.js is a two-dimensional vector drawing and shape modeling tool open-sourced by Microsoft. Versions of Maker.js prior to 0.19.1 contain security vulnerabilities. These vulnerabilities stem from the makerjs.extendObject function, which lacks proper validation when copying object properties...