Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Github Security Blog
Github Security Blogadded 2022/05/03 12:0 a.m.23 views

Prototype Pollution in dset

All versions of dset prior to 3.1.2 are vulnerable to Prototype Pollution via dset/merge mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or prototype. By crafting a malicious object, it is possible to bypass this check and...

8.1CVSS5.2AI score0.01722EPSS
Exploits1References5Affected Software2
OSV
OSVadded 2022/05/03 12:0 a.m.1 views

GHSA-23WX-CGXQ-VPWX Prototype Pollution in dset

All versions of dset prior to 3.1.2 are vulnerable to Prototype Pollution via dset/merge mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or prototype. By crafting a malicious object, it is possible to bypass this check and...

6.5CVSS5.9AI score0.01722EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2022/05/02 7:38 a.m.40 views

CVE-2022-25645

A flaw was found in the dset package via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains a proto, constructor, or prototype. This flaw allows an attacker to craft a malicious object, bypassing this check and achieving prototype...

8.1CVSS5AI score0.01722EPSS
Exploits1References5
OSV
OSVadded 2022/05/01 4:15 p.m.1 views

CVE-2022-25645

All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achie...

8.1CVSS5.8AI score
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2022/05/01 3:25 p.m.2 views

CVE-2022-25645

All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains proto, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achie...

8.1CVSS5.4AI score0.01722EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2022/05/01 12:0 a.m.2 views

PT-2022-17432 · Dset · Dset

Name of the Vulnerable Software and Affected Versions: dset versions prior to 3.1.2 Description: The issue arises from the dset function's validation process in 'dset/merge' mode, where it checks for prototype pollution by looking for proto , constructor, or prototype in the top-level path...

8.1CVSS7.9AI score0.01722EPSS
Exploits1References7
Kitploit
Kitploitadded 2016/03/28 10:30 p.m.66 views

Meld - Visual Diff And Merge Tool Targeted At Developers

Meld is a visual diff and merge tool targeted at developers. Meld helps you compare files, directories, and version controlled projects. It provides two- and three-way comparison of both files and directories, and has support for many popular version control systems. Meld helps you review code...

7.4AI score
Exploits0
Rows per page
Query Builder