Prototype Pollution

steal is vulnerable to prototype pollution. The vulnerability exists because of lack of validation in convertLater function in npm-convert.js which allows an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or contaminating th...

Prototype Pollution

ts-deepmerge is vulnerable to pollution prototype. The vulnerability exists because of missing sanitization of the merge parameters in 'src/index.test.ts', allowing an attacker to inject malicious characteristics to add new values to a javascript application object prototype,overwriting or...

deep-get-set prototype contamination vulnerability

deep-get-set is used to set and obtain values on objects via dotted strings. deep-get-set package in all versions suffers from a prototype pollution vulnerability that stems from the vulnerability of products to uncontrolled modification of object prototype properties. An attacker could exploit...

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258)

Summary Dojo vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by...