Maker.js security vulnerabilities

Maker.js is a two-dimensional vector drawing and shape modeling tool open-sourced by Microsoft. Versions of Maker.js prior to 0.19.1 contain security vulnerabilities. These vulnerabilities stem from the makerjs.extendObject function, which lacks proper validation when copying object properties...

Prototype Pollution

dref is vulnerable to Prototype Pollution. The vulnerability is due to improper validation of user-supplied input in the lib.set function, which allows an attacker to inject malicious properties into the Object.prototype, leading to a potential denial of service DoS condition...

Prototype Pollution

jsii is vulnerable to prototype pollution. The vulnerability is due to insufficient validation of user input. When untrusted input is allowed to modify the prototype of objects, an attacker can inject malicious properties into the object's prototype, potentially altering the behavior of the entir...

Prototype Pollution

dot-lens is vulnerable to Prototype Pollution. The vulnerability exists due to insufficient conditional checks in the set function of index.js which allows an attacker to inject and modify malicious properties such as proto, resulting in prototype pollution...

Prototype Pollution

protobufjs is vulnerable to Prototype Pollution. The vulnerability exists in the setProperty function of util.js, which allows an attacker to inject and modify malicious properties such as proto, resulting in prototype pollution...

Prototype Pollution

progressbar.js is vulnerable to Prototype Pollution. The vulnerability exists in extend function at utils.js which allows an attacker to inject and modify malicious properties such as proto, resulting in prototype pollution...

Prototype Pollution

dottie is vulnerable to Prototype Pollution. The vulnerability exists due to insufficient conditional checks in dottie.js which allows an attacker to inject and modify malicious properties such as proto, resulting in prototype pollution...

Prototype Pollution

feathers-sequelize is vulnerable to prototype pollution. The vulnerability exists in the cleanQuery method due to the use of insecure recursive logic to filter unsupported keys from the query object, which allows an attacker to inject malicious properties resulting in prototype pollution...

Prototype Pollution

x-assign is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes and modify attributes using the proto object...

Prototype Pollution

mootools-more is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes Object.prototype and modify attributes such as proto, constructor and prototype...

Prototype Pollution

@hapi/hoek is vulnerable to prototype pollution. Failure to validate object to prevent modification of object prototype in clone function allows an attacker to inject malicious object properties which can potentially lead to execution of arbitrary code. The vulnerability affects only applications...