12 matches found
EUVD-2021-1116
Malware in sbrugna...
dom-to-gaffa (>=0.0.1 <=0.0.2), driven (>=0.0.1 <=0.3.3) +12 more potentially affected by CVE-2020-7727 via gedi (>=0.10.1 <=1.6.3)
gedi NPM version =0.10.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.3.1, =0.3.3 Source cves: CVE-2020-7727 Source advisory: OSV:GHSA-JH2M-J8PP-55RC...
GHSA-JH2M-J8PP-55RC Prototype Pollution in gedi
All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution in gedi
All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...
Prototype Pollution
gedi is vulnerable to prototype pollution. The vulnerability exists as it does not restrict the __proto__ header to be set through the set function...
CVE-2020-7727
All versions of package gedi are vulnerable to Prototype Pollution via the set function...
Code injection
All versions of package gedi are vulnerable to Prototype Pollution via the set function...
CVE-2020-7727
Affected software: the gedi package (JavaScript). Vulnerability: Prototype Pollution via the set function. Root cause: unsafe handling of object property paths in set, enabling pollution of Object.prototype under certain inputs. Impact (as stated in related advisories): potential for DoS or remot...
CVE-2020-7727 Prototype Pollution
All versions of package gedi are vulnerable to Prototype Pollution via the set function...
PT-2020-19748 · Gedi · Gedi
Name of the Vulnerable Software and Affected Versions: gedi versions prior to 1.6.4 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For versions prior...
dom-to-gaffa (>=0.0.1 <=0.0.2), driven (>=0.0.1 <=0.3.3) +12 more potentially affected by CVE-2020-7727 via gedi (>=0.10.1 <=1.6.3)
gedi NPM version =0.10.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.3.1, =0.3.3 Source cves: CVE-2020-7727 Source advisory: SNYK:JS-GEDI-598803...
Prototype Pollution
Overview: gedi is an evented data API. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const gedi = require('gedi'); try { gedi.set('__proto__/polluted', true); } catch (e) {} console.log(polluted); Details: Prototype Pollution is a vulnerability affecting JavaScript...