25 matches found
CVE-2020-28442
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function...
CVE-2020-28442
CVE-2020-28442 (js-data): Multiple connected sources confirm Prototype Pollution in js-data via the deepFillIn function and, in some advisories, the set function. Affected are all versions prior to the fix, with an incomplete remediation described; the OSV/GHSA entries specify vulnerability acro...
js-data-dao (=1.0.0) potentially affected by CVE-2020-28442 via js-data (=3.0.0-rc.5)
js-data NPM version =3.0.0-rc.5 is affected by a known vulnerability. The following packages have a transitive dependency on js-data and may be impacted:
- js-data-dao =1.0.0
Source CVEs: CVE-2020-28442
Source advisory: SNYK:JS-JSDATA-1023655...
Prototype Pollution
Overview: js-data is a robust, framework-agnostic in-memory data store. Affected versions of this package are vulnerable to Prototype Pollution via the deepMixIn and deepFillIn functions. PoC: const utils = require("js-data"); const obj = {}; const source = JSON.parse('{"__proto__":{"polluted":"yes"}}');...