10 matches found
CVE-2026-25150
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails ...
Prototype Pollution
Overview @builder.io/qwik-city is a The meta-framework for Qwik. Affected versions of this package are vulnerable to Prototype Pollution via the formToObj function, which processes form field names with dot notation but does not properly sanitize dangerous property names. An attacker can modify t...
CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails ...
CVE-2026-25150
CVE-2026-25150 affects @builder.io/qwik-city middleware in Qwik. The formToObj() function improperly handles field names with dot notation (e.g., user.name), failing to sanitize dangerous property names such as proto , constructor, and prototype. This prototype pollution allows unauthenticated at...
CVE-2026-25150
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails ...
CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails ...
GHSA-XQG6-98CW-GXHQ Prototype Pollution via FormData Processing in Qwik City
Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto, constructor, and...
Qwik 安全漏洞
Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained security vulnerabilities. These vulnerabilities stemmed from a prototype pollution vulnerability in the formToObj function, which could allow unauthenticated attackers to contaminate Object.prototype,...
PT-2026-6499
Summary A Prototype Pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails to sanitize dangerous property names like proto , constructor, and...
PT-2026-6275
Name of the Vulnerable Software and Affected Versions Qwik versions prior to 1.19.0 Description Qwik is a performance focused javascript framework. A prototype pollution issue exists in the formToObj function within the @builder.io/qwik-city middleware. The function processes form field names usi...