11 matches found
JavaScript Cookie 安全漏洞
JavaScript Cookie is a lightweight JavaScript cookie operation library developed by js-cookie. Versions of JavaScript Cookie prior to 3.0.7 contained security vulnerabilities. These vulnerabilities stemmed from the use of the for...in loop and standard assignment methods to copy properties within...
GHSA-X7J8-49R8-MR43 @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
Summary The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys proto, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...
@nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...in without hasOwnProperty
Summary The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter dangerous keys proto, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...
PT-2026-42689
Name of the Vulnerable Software and Affected Versions js-cookie versions prior to 3.0.7 Description The internal assign function copies properties using a for...in loop and plain assignment. When a source object is created via JSON.parse, the proto member is treated as an own enumerable property...
EUVD-2025-205581
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...
CVE-2025-65570
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...
CVE-2025-65570
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...
CVE-2025-65570
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...
CVE-2025-65570
CVE-2025-65570 describes a type confusion in jsish 2.0 where, inside a for-in loop, an array element access used as the left-hand operand in an instanceof expression leaves an extra array reference on the stack. When OP_NEXT runs, it may treat the array as an iterator object and read an invalid f...
CVE-2025-65570
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...
PT-2025-53725
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather...