13 matches found
EUVD-2021-1112
Malware in sbrugna...
Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
@irrelon/intercept (>=0.0.1 <=1.0.3), @irrelon/schema (>=2.0.0 <=2.1.3) +6 more potentially affected by CVE-2020-7708 via irrelon-path (>=1.0.2 <=2.0.5)
irrelon-path NPM version =1.0.2, =0.0.1, =2.0.0, =0.0.7, =1.0.0, =1.0.7, =1.0.0, =0.0.1, =0.0.6 Source cves: CVE-2020-7708 Source advisory: OSV:GHSA-J7CG-H9V9-6VQP...
GHSA-J7CG-H9V9-6VQP Prototype Pollution in irrelon-path and @irrelon/path
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
Prototype Pollution
@irrelon/path is vulnerable to prototype pollution. The vulnerability exists as it does not restrict proto headers to be set in objects...
CVE-2020-7708
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
CVE-2020-7708
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
Design/Logic Flaw
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
CVE-2020-7708
CVE-2020-7708 affects the Node.js packages named in the report: irrelon-path and @irrelon/path, specifically versions prior to 4.7.0. The vulnerability is a Prototype Pollution flaw exposed through the set, unSet, pushVal, and pullVal functions, allowing an attacker to modify object prototypes an...
CVE-2020-7708 Prototype Pollution
The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...
PT-2020-19730 · Irrelon · @Irrelon/Path
Name of the Vulnerable Software and Affected Versions: irrelon-path versions prior to 4.7.0 @irrelon/path versions prior to 4.7.0 Description: The issue concerns Prototype Pollution, which can be exploited via the set, unSet, pushVal, and pullVal functions. Recommendations: For irrelon-path...
Prototype Pollution
Overview @irrelon/path is a powerful JSON path processor. Allows you to drill into and manipulate JSON objects with a simple dot-delimited path format e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC...
Prototype Pollution
Overview irrelon-path is a powerful JSON path processor. Allows you to drill into and manipulate JSON objects with a simple dot-delimited path format e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC:...