Lucene search
+L

4 matches found

veracode
veracode
added 2022/09/19 8:27 a.m.19 views

Prototype Pollution

steal is vulnerable to prototype pollution. The vulnerability exists because of lack of validation in convertLater function in npm-convert.js which allows an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or contaminating th...

9.8CVSS8.8AI score0.01214EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2022/08/10 5:8 a.m.27 views

Prototype Pollution

ts-deepmerge is vulnerable to pollution prototype. The vulnerability exists because of missing sanitization of the merge parameters in 'src/index.test.ts', allowing an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or...

9.8CVSS8.8AI score0.01507EPSS
Exploits1References2Affected Software1
cnvd
cnvd
added 2022/06/28 12:0 a.m.15 views

deep-get-set prototype contamination vulnerability

deep-get-set is used to set and obtain values on objects via dotted strings. deep-get-set package in all versions suffers from a prototype pollution vulnerability that stems from the vulnerability of products to uncontrolled modification of object prototype properties. An attacker could exploit...

7.5CVSS4AI score0.01313EPSS
Exploits1
ibm
ibm
added 2021/05/06 1:39 p.m.30 views

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258)

Summary Dojo vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by...

7.7CVSS1.7AI score0.0399EPSS
Exploits1Affected Software1
Rows per page
Query Builder