EUVD-2022-4668

Malicious code in bioql PyPI...

Prototype Pollution

jsgui-lang-essentials is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the llset function in the jsgui-lang-essentials.js and modify attributes such as proto, constructor, and prototype...

GHSA-P3PG-64PV-V7JG Prototype Pollution in jsgui-lang-essentials

All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype...

Prototype Pollution in jsgui-lang-essentials

All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype...

Code injection

All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype...

CVE-2022-25301 Prototype Pollution

All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype...

CVE-2022-25301

Prototype Pollution in jsgui-lang-essentials affects all versions, enabling an attacker to alter Object attributes (e.g., proto , constructor, prototype) via methods like ll_set. This can pollution prototypes and lead to DoS or remote code execution; remediation shows no fixed version for the pac...

CVE-2022-25301

All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype...

jsgui-lang-essentials 安全漏洞

jsgui-lang-essentials is a small but powerful utility module for use with other jsgui modules. A security vulnerability exists in all versions of the jsgui-lang-essentials package, which stems from the fact that it allows all Object properties to be changed...

jsgui-node-file-metadata (=0.3.8), jsgui-node-fs2-core (>=0.1.0 <=0.1.5) +7 more potentially affected by CVE-2022-25301 via jsgui-lang-essentials (>=0.3.8 <=0.4.3)

jsgui-lang-essentials NPM version =0.3.8, =0.1.0, =0.1.0, =0.1.0, =0.3.8, =0.3.8, =0.3.35 Source cves: CVE-2022-25301 Source advisory: SNYK:JS-JSGUILANGESSENTIALS-2316897...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. PoC js var jsgui=require'jsgui-lang-essentials'; var obj=; console.log"start: " +...