Lucene search
K

25 matches found

Veracode
Veracode
added 2020/11/03 6:23 a.m.13 views

Prototype Pollution

json8-pointer is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

3.5AI score
Exploits0
Huntr
Huntr
added 2020/10/22 12:0 a.m.14 views

Prototype Pollution in sonnyp/json8

Description json8-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Patch = require"json8-patch" var obj = const pat...

1.3AI score
Exploits0
Huntr
Huntr
added 2020/10/22 12:0 a.m.17 views

Prototype Pollution in sonnyp/json8

Description json8-pointer is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Pointer = require"json8-pointer"...

2.1AI score
Exploits0
Snyk
Snyk
added 2020/10/13 12:45 p.m.7 views

Prototype Pollution

Overview json8 is a JSON toolkit for JavaScript Affected versions of this package are vulnerable to Prototype Pollution. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution. Details...

9.8CVSS9AI score0.0187EPSS
Exploits1References2
Hacker One
Hacker One
added 2020/09/12 11:53 a.m.60 views

Node.js third-party modules: [json8-merge-patch] Prototype Pollution

I would like to report a Prototype Pollution vulnerability in json8-merge-patch The apply function fails to restrict access to prototypes of objects, allowing for modification of prototype behavior. Module module name: json8-merge-patch version: v1.0.1 npm page:...

5CVSS0.7AI score0.01277EPSS
Exploits1
Rows per page
Query Builder