8 matches found
EUVD-2022-1728
Malicious code in bioql PyPI...
SUSE CVE-2021-43138
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...
CVE-2021-43138
A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues method...
Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...
GHSA-FWR7-V2MV-HH25 Prototype Pollution in async
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...
CVE-2021-43138
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...
Design/Logic Flaw
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...
CVE-2021-43138
CVE-2021-43138 affects Async (lib/iterator.js) where mapValues() enables prototype pollution via createObjectIterator, allowing a malicious user to obtain privileges. Affected: Async before 2.6.4 and 3.x before 3.2.2. Root cause: prototype pollution in Object prototype through pollution of mapVal...