13 matches found
CVE-2020-7644
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
gossip-object (>=0.1.0 <=2.3.4), gossipdb (>=0.1.1 <=0.1.5) +2 more potentially affected by CVE-2020-7644 via fun-map (>=2.0.1 <=3.3.1)
fun-map NPM version =2.0.1, =0.1.0, =0.1.1, =0.0.0, =0.2.0, =1.0.0 Source cves: CVE-2020-7644 Source advisory: OSV:GHSA-P33M-7W7F-GMJ8...
Uncontrolled Resource Consumption in fun-map
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
GHSA-P33M-7W7F-GMJ8 Uncontrolled Resource Consumption in fun-map
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
Prototype Pollution
fun-map is vulnerable to prototype pollution. An attacker is able to inject and modify properties of Object.prototype using a __proto__ payload in the function assocInM, potentially allowing the execution of arbitrary code...
Fun-map Resource Management Error Vulnerability
fun-map is a Clojure string mapping utility program. A security vulnerability exists in fun-map 3.3.1 and earlier versions. The vulnerability can be exploited to add or modify Object.prototype properties via the "assocInM" function...
CVE-2020-7644
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
CVE-2020-7644
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
Design/Logic Flaw
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
CVE-2020-7644
CVE-2020-7644 affects fun-map up to version 3.3.1, with prototype pollution via the assocInM function that can add/modify Object.prototype properties using a __proto__ payload. Reported across NVD and multiple feeds (Red Hat, GHSA, OSV, CNVD, CN...); CVSS scores indicate 6.8 (2.0/AV:N/AC:M) and 8.1 (...
PT-2020-19679 · Fun-Map · Fun-Map
Name of the Vulnerable Software and Affected Versions: fun-map versions 3.3.1 and earlier. Description: The issue concerns Prototype Pollution, where the assocInM function can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. This allows for potential...
Arbitrary Code Execution
Overview: fun-map is a set of functional utilities for pretending that JS objects are Clojure string maps. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is located in line 26 in the index file class.js; the members argument of the create function can be...
gossip-object (>=0.1.0 <=2.3.4), gossipdb (>=0.1.1 <=0.1.5) +2 more potentially affected by CVE-2020-7640 via fun-map (>=2.0.1 <=3.3.1)
fun-map NPM version =2.0.1, =0.1.0, =0.1.1, =0.0.0, =0.2.0, =1.0.0 Source cves: CVE-2020-7640 Source advisory: SNYK:JS-FUNMAP-564436...