25 matches found
EUVD-2022-0557
Malicious code in bioql PyPI...
EUVD-2022-1107
Malicious code in bioql PyPI...
CVE-2024-10757
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unittesting/templates/jsdata.php. The manipulation of the argument scripts leads t...
Prototype Pollution in js-data
All versions of package js-data prior to 3.0.10 are vulnerable to Prototype Pollution via the deepFillIn function...
@cloudnexa/vnoc-bedrock (>=0.3.27 <=1.0.2), @oguennec/remotedev-server (=0.8.4) +46 more potentially affected by CVE-2020-28442 via js-data (>=0.4.2 <=3.0.0-rc.5)
js-data NPM version =0.4.2, =0.3.27, =1.0.2, =1.0.0, =0.2.5, =1.0.0, =2.0.1, =1.1.1, =1.0.0, =0.0.2, =0.4.2, =0.4.2, =2.2.4 and more Source cves: CVE-2020-28442 Source advisory: OSV:GHSA-MQGV-67VX-G4M5...
GHSA-MQGV-67VX-G4M5 Prototype Pollution in js-data
All versions of package js-data prior to 3.0.10 are vulnerable to Prototype Pollution via the deepFillIn function...
GHSA-C6H4-GC3F-HGJQ Prototype Pollution in js-data
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
@cloudnexa/vnoc-bedrock (>=0.3.27 <=1.0.2), @oguennec/remotedev-server (=0.8.4) +46 more potentially affected by CVE-2021-23574 via js-data (>=0.4.2 <=3.0.0-rc.5)
js-data NPM version =0.4.2, =0.3.27, =1.0.2, =1.0.0, =0.2.5, =1.0.0, =2.0.1, =1.1.1, =1.0.0, =0.0.2, =0.4.2, =0.4.2, =2.2.4 and more Source cves: CVE-2021-23574 Source advisory: OSV:GHSA-C6H4-GC3F-HGJQ...
Prototype Pollution
js-data is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-28442. A remote attacker is able to inject arbitrary properties into existing construct prototypes and modify attributes via the deepFillIn and the set functions resulting in prototype...
CVE-2021-23574
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
CVE-2021-23574
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
Design/Logic Flaw
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
CVE-2021-23574
The CVE-2021-23574 entry covers a Prototype Pollution vulnerability in the js-data package triggered via deepFillIn and set, with root cause in object contamination and an impact profile of high severity. Connected documents corroborate this as a js-data issue and note the pollution affects all v...
CVE-2021-23574 Prototype Pollution
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442...
js-data security vulnerability
js-data is a framework-agnostic, datastore-agnostic ORM for Node.js and browsers. A security vulnerability exists in js-data that stems from packages being susceptible to prototype contamination via the deepFillIn and set functions...
@blerpapp/js-data-cloud-datastore (>=1.0.0-rc.2 <=1.0.0-rc.3), @citygro/vdata (>=5.0.0 <=8.10.0) +90 more potentially affected by CVE-2020-28442 +1 more via js-data (>=0.4.2 <=4.0.0-beta.4)
js-data NPM version =0.4.2, =1.0.0-rc.2, =5.0.0, =0.3.27, =0.3.0, =1.0.2, =1.0.0, =0.1.0, =0.1.2, =2.1.30, =1.2.15-alpha, =0.2.5, =1.0.0, =1.3.1 - api-fusion =0.1.2 and more Source cves: CVE-2020-28442, CVE-2021-23574 Source advisory: SNYK:JS-JSDATA-1584361...
Prototype Pollution
Overview: js-data is a robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442. PoC 1: var jsdata = require('js-data'); var obj = {}; var payload =...
Prototype Pollution
js-data is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the deepMixIn function...
Prototype Pollution in js-data/js-data
Description: js-data is vulnerable to Prototype Pollution. Proof of Concept: 1. Create the following PoC file: // poc.js const js = require("js-data"); const payload = JSON.parse('{"__proto__":{"polluted":"Yes! Its Polluted"}}'); var obj = {}; console.log("Before : " + {}.polluted); js.utils.deepMixIn(obj, payload);...
Prototype Pollution
js-data is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the deepMixIn function...