5 matches found
GHSA-P23C-P8W2-WW5V Prototype Pollution in querymen
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
CentOS: Security Advisory for firefox (CESA-2021:5014)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mozilla: External protocol handler parameters were unescaped
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Mozilla: External protocol handler parameters were unescaped
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Prototype Pollution
Overview querymen is a Querystring parser middleware for MongoDB, Express and Nodejs. Affected versions of this package are vulnerable to Prototype Pollution. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for...