Lucene search
K

25 matches found

OSV
OSV
added 2020/12/15 8:15 a.m.5 views

CVE-2020-28442

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

9.8CVSS7.3AI score0.01959EPSS
Exploits1References4
NVD
NVD
added 2020/12/15 8:15 a.m.32 views

CVE-2020-28442

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...

9.8CVSS8.6AI score0.01959EPSS
Exploits1References4
CVE
CVE
added 2020/12/15 7:25 a.m.70 views

CVE-2020-28442

CVE-2020-28442 (js-data) : Multiple connected sources confirm Prototype Pollution in js-data via the deepFillIn function and, in some advisories, the set function. Affected are all versions prior to the fix, with an incomplete remediation described; the OSV/GHSA entries specify vulnerability acro...

9.8CVSS8.5AI score0.01959EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2020/10/29 3:0 p.m.5 views

js-data-dao (=1.0.0) potentially affected by CVE-2020-28442 via js-data (=3.0.0-rc.5)

js-data NPM version =3.0.0-rc.5 is affected by a known vulnerability. The following packages have a transitive dependency on js-data and may be impacted: - js-data-dao =1.0.0 Source cves: CVE-2020-28442 Source advisory: SNYK:JS-JSDATA-1023655...

9.8CVSS7.2AI score0.01959EPSS
Exploits1
Snyk
Snyk
added 2020/10/29 3:0 p.m.1 views

Prototype Pollution

Overview js-data is a Robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepMixIn and deepFillIn functions. PoC const utils = require"js-data"; const obj = ; const source = JSON.parse'"proto":"polluted":"yes"';...

9.8CVSS9AI score0.01959EPSS
Exploits1References2
Rows per page
Query Builder