18 matches found
CVE-2021-27228
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
EUVD-2021-13993
Malware in sbrugna...
CVE-2024-36577
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
Prototype Pollution
js-object-utilities is vulnerable to Prototype Pollution. The vulnerability stems from unsanitized property assignment in the lib.set function, which allows attackers to modify the global prototype chain using crafted payloads...
GHSA-HPQF-M68J-2PFX js-object-utilities Vulnerable to Prototype Pollution
Vulnerability type: Prototype Pollution Affected Package: Product: js-object-utilities Version: 2.2.0 Remedy: Update package to version 2.2.1. Vulnerability Locations: js at module.exports /nodemodules/js-object-utilities/dist/set.js:16:29 Description: The latest version of js-object-utilities...
js-object-utilities Vulnerable to Prototype Pollution
Vulnerability type: Prototype Pollution Affected Package: Product: js-object-utilities Version: 2.2.0 Remedy: Update package to version 2.2.1. Vulnerability Locations: js at module.exports /nodemodules/js-object-utilities/dist/set.js:16:29 Description: The latest version of js-object-utilities...
PT-2025-19349 · Npm · Js-Object-Utilities
Vulnerability type: Prototype Pollution Affected Package: Product: js-object-utilities Version: 2.2.0 Remedy: Update package to version 2.2.1. Vulnerability Locations: js at module.exports /node modules/js-object-utilities/dist/set.js:16:29 Description: The latest version of js-object-utilities...
CVE-2025-28269
creationtimestamp| type| source ---|---|--- 2025-04-06 18:13:23+00:00| published-proof-of-concept| https://github.com/rrainn/js-object-utilities/security/advisories/GHSA-hpqf-m68j-2pfx...
GHSA-QJ86-V6M7-4QV2 Object Resolver Prototype Pollution
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
Object Resolver Prototype Pollution
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
CVE-2024-36577
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
CVE-2024-36577
The vulnerability affects apphp/js-object-resolver prior to version 3.1.1. It enables Prototype Pollution via Module.setNestedProperty, potentially allowing an attacker to modify object properties and, per Veracode, potentially execute arbitrary code. Remediation: upgrade to 3.1.1 or later.
PT-2024-27076 · Unknown · Js-Object-Resolver
Name of the Vulnerable Software and Affected Versions: js-object-resolver versions prior to 3.1.1 Description: The issue allows for Prototype Pollution via the setNestedProperty function of the Module. This can potentially lead to unintended behavior or security issues. Recommendations: For...
CVE-2021-21267
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input for example...
Design/Logic Flaw
An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion Exploit
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion Exploit VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
CVE-2016-9651
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...