21 matches found
Prototype Pollution
baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as proto, constructor, and other prototype base objects...
Prototype Pollution
grunt-util-property is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
simple-plist is vulnerable to prototype pollution. The vulnerability exists because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes via .parse function...
Prototype Pollution
node-forge is vulnerable to prototype pollution. The vulnerability exists through the 'debug.set' function in 'debug.js' , allowing an attacker to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
merge-deep2 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes via merge function...
Prototype Pollution
dotty is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the put function and modify attributes such as proto, constructor, and prototype...
Prototype Pollution
mootools is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
nedb is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
nconf-toml is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
js-extend is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
deep-override is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype via the override function...
GHSA-8QPM-5C82-RF96 Prototype Pollution in backbone-query-parameters
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype...
Prototype Pollution
mongoose is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
msgpack5 is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
dynamoose is vulnerable to prototype pollution. The vulnerability exists through lib/utils/object/set.ts where an attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
nested-object-assign is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
@strikeentco/set is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
dot-notes is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
arr-flatten-unflatten is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution
express-mock-middleware is vulnerable to Prototype Pollution. It allows an attacker to inject properties of the Object.prototype, manipulating the attributes by overwriting, or polluting them...