25 matches found
Prototype Pollution
json8-pointer is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...
Prototype Pollution in sonnyp/json8
Description json8-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Patch = require"json8-patch" var obj = const pat...
Prototype Pollution in sonnyp/json8
Description json8-pointer is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Pointer = require"json8-pointer"...
Prototype Pollution
Overview json8 is a JSON toolkit for JavaScript Affected versions of this package are vulnerable to Prototype Pollution. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution. Details...
Node.js third-party modules: [json8-merge-patch] Prototype Pollution
I would like to report a Prototype Pollution vulnerability in json8-merge-patch The apply function fails to restrict access to prototypes of objects, allowing for modification of prototype behavior. Module module name: json8-merge-patch version: v1.0.1 npm page:...