21 matches found
EUVD-2021-1256
Malware in sbrugna...
@apalchys/serverless-openapi-documentation (>=0.1.0 <=0.5.4), @conqa/serverless-openapi-documentation (>=1.0.1 <=1.0.4) +27 more potentially affected by CVE-2021-23396 via lutils (>=0.2.11 <=2.4.0)
lutils NPM version =0.2.11, =0.1.0, =1.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =2.0.9, =0.3.0, =0.0.1, =0.1.9 and more Source cves: CVE-2021-23396 Source advisory: OSV:GHSA-3R8W-MPHV-2F3F...
Prototype Pollution in lutils
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
GHSA-3R8W-MPHV-2F3F Prototype Pollution in lutils
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
Prototype Pollution
lutils is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
CVE-2021-23396
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
CVE-2021-23396
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
Information disclosure
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
CVE-2021-23396 Prototype Pollution
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
CVE-2021-23396
The CVE-2021-23396 entry concerns the lutils package and a Prototype Pollution flaw in the main merge function. The vulnerability stems from an unsafe recursive merge that can serialize an attacker-controlled input into Object.prototype (via __proto__ or path-based pollution), enabling manipulation o...
CVE-2021-23396
All versions of package lutils are vulnerable to Prototype Pollution via the main merge function...
@apalchys/serverless-openapi-documentation (>=0.1.0 <=0.5.4), @conqa/serverless-openapi-documentation (>=1.0.1 <=1.0.4) +27 more potentially affected by CVE-2021-23396 via lutils (>=0.2.11 <=2.4.0)
lutils NPM version =0.2.11, =0.1.0, =1.0.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =2.0.9, =0.3.0, =0.0.1, =0.1.9 and more Source cves: CVE-2021-23396 Source advisory: SNYK:JS-LUTILS-1311023...
Prototype Pollution
Overview: lutils is "A few reliable utils". Affected versions of this package are vulnerable to Prototype Pollution via the main merge function. PoC: const lt = require('lutils'); let obj = {}; console.log("Before being polluted: " + obj.polluted); var EVILJSON = JSON.parse('{"__proto__":{"polluted":true}}');...
lutils security vulnerability
lutils is a front-end library that collects code-snippet utilities. A security vulnerability exists in the lutils package because its main merge function is vulnerable to prototype pollution...
PT-2021-15489 · Lutils · Lutils
Name of the Vulnerable Software and Affected Versions: lutils versions prior to a fixed version Description: The issue concerns Prototype Pollution via the main merge function. This allows for potential manipulation of the prototype, which can lead to various security issues. Recommendations: For...
GHSA-F7QW-5PVG-MMWP Prototype Pollution in lutils-merge
All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input from altering an Object's prototype, allowing attackers to override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...
anjiayi-elf (>=1.0.0 <=1.0.9), anjiayi-exp (>=1.0.0 <=1.2.6) +5 more potentially affected by unknown CVE via lutils-merge (>=0.1.4 <=0.2.6)
lutils-merge NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.0.1-alpha, =0.1.0, =0.2.1 Source cves: unknown CVE Source advisory: OSV:GHSA-F7QW-5PVG-MMWP...
Prototype Pollution in lutils-merge
All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input from altering an Object's prototype, allowing attackers to override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...
Prototype Pollution
Overview: All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input from altering an Object's prototype, allowing attackers to override properties of all objects in the application. This may lead to Denial of Service or may be chained with...
Prototype Pollution
lutils-merge is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary prototype objects to execute arbitrary code or cause a denial of service...