Lucene search
K

11 matches found

Veracode
Veracode
added 2022/07/26 8:7 a.m.19 views

Prototype Pollution

ianwalter/merge is vulnerable to prototype pollution. The vulnerability exist in the merge function in merge.js which allows remote attackers to inject malicious payloads...

9.8CVSS8.9AI score0.00687EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2022/07/26 12:1 a.m.8 views

@generates/cli (>=0.0.2 <=0.0.7), @generates/core (>=0.0.2 <=0.0.7) +40 more potentially affected by CVE-2021-23397 via @ianwalter/merge (>=1.0.2 <=9.0.1)

@ianwalter/merge NPM version =1.0.2, =0.0.2, =0.0.2, =0.0.40, =0.0.2, =0.0.2, =0.0.0, =0.0.1, =2.5.0, =1.0.0, =3.0.0, =2.0.0, =1.1.1, =0.0.1, =0.1.1, =1.0.0 and more Source cves: CVE-2021-23397 Source advisory: OSV:GHSA-42M6-G935-5VMQ...

9.8CVSS7.2AI score0.00687EPSS
Exploits1
OSV
OSV
added 2022/07/26 12:1 a.m.42 views

GHSA-42M6-G935-5VMQ @ianwalter/merge Prototype Pollution via `merge` function

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. @ianwalter/merge is deprecated and the maintainer suggests using @generates/merger instead...

5.6CVSS9.5AI score0.00687EPSS
Exploits1References3
NVD
NVD
added 2022/07/25 2:15 p.m.17 views

CVE-2021-23397

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...

9.8CVSS0.00687EPSS
Exploits1References1
OSV
OSV
added 2022/07/25 2:15 p.m.5 views

CVE-2021-23397

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...

9.8CVSS5.8AI score0.00687EPSS
Exploits1References1
Prion
Prion
added 2022/07/25 2:15 p.m.12 views

Information disclosure

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...

7.5CVSS9.4AI score0.00687EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/07/25 2:7 p.m.19 views

CVE-2021-23397 Prototype Pollution

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...

5.6CVSS9.7AI score0.00687EPSS
Exploits1References1
CVE
CVE
added 2022/07/25 2:7 p.m.107 views

CVE-2021-23397

CVE-2021-23397 affects all versions of @ianwalter/merge and enables Prototype Pollution via the main merge function. Root cause: unsafe recursive merge can copy a proto property from a polluted source, enabling prototype contamination and potential remote code execution or DoS, as described in co...

9.8CVSS7.5AI score0.00687EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/25 2:4 p.m.3 views

CVE-2021-23397

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...

9.8CVSS5.3AI score0.00687EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.6 views

merge 安全漏洞

merge is a tool for recursively merging JavaScript objects. A security vulnerability exists in @ianwalter/merge, which stems from the package's susceptibility to prototype contamination via the main merge function...

9.8CVSS8.3AI score0.00687EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/06/17 3:16 p.m.7 views

@generates/cli (>=0.0.2 <=0.0.7), @generates/core (>=0.0.2 <=0.0.7) +40 more potentially affected by CVE-2021-23397 via @ianwalter/merge (>=1.0.2 <=9.0.1)

@ianwalter/merge NPM version =1.0.2, =0.0.2, =0.0.2, =0.0.40, =0.0.2, =0.0.2, =0.0.0, =0.0.1, =2.5.0, =1.0.0, =3.0.0, =2.0.0, =1.1.1, =0.0.1, =0.1.1, =1.0.0 and more Source cves: CVE-2021-23397 Source advisory: SNYK:JS-IANWALTERMERGE-1311022...

9.8CVSS7.2AI score0.00687EPSS
Exploits1
Rows per page
Query Builder