127 matches found
AngularJS Input Validation Error Vulnerability
AngularJS is a TypeScript-based open source web application framework. An input validation error vulnerability exists in AngularJS versions prior to 1.7.9, which can be exploited by an attacker via the proto payload to trick the merge function into adding or modifying properties of Object.prototy...
CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
DEBIAN-CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
UBUNTU-CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
Code injection
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
CVE-2019-10768
In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload...
PT-2019-12040 · Google +1 · Angularjs +1
Name of the Vulnerable Software and Affected Versions: AngularJS versions prior to 1.7.9 Description: The issue concerns the merge function, which can be tricked into adding or modifying properties of Object.prototype using a proto payload. This may allow an attacker to add or modify an existing...
Prototype Pollution
Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
Prototype Pollution
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Prototype Pollution. The function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload. PoC by Snyk...
Prototype Pollution in lutils-merge
All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...
GHSA-GM9G-2G8V-FVXJ Prototype Pollution in upmerge
All versions of upmerge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...
Prototype Pollution
Overview All versions of upmerge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with othe...
DEBIAN-CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
PT-2018-3812
Name of the Vulnerable Software and Affected Versions lodash versions prior to 4.17.11 Description A prototype pollution issue was discovered in the merge, mergeWith, and defaultsDeep functions of the lodash library. This issue can be exploited to add or modify properties of Object.prototype. The...
Prototype Pollution
merge is vulnerable to prototype pollution. Properties of the Object prototype can be added or modified via JSON.parse, causing a denial of service condition or possibly remote code execution depending on the application...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to CVE-2018-3721. Details Prototype Pollution is a...
Prototype Pollution
Overview lodash.basemerge is a The internal Lo-Dash function baseMerge as a Node.js module generated by lodash-cli. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of...
Prototype Pollution
Overview @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype...
Prototype Pollution
Overview lodash.defaultsdeep is a Lodash method .defaultsDeep exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is d...