127 matches found
AngularJS: Prototype pollution in merge function could result in code injection
A prototype pollution vulnerability was found in AngularJS. A remote attacker could abuse this flaw by providing malicious input to the merge function by overriding or adding properties of the Object.prototype, allowing possible injection of code...
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...
CVE-2022-25907
The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function...
PT-2022-17598 · Unknown · Ts-Deepmerge
Name of the Vulnerable Software and Affected Versions: ts-deepmerge versions prior to 2.0.2. Description: The issue is related to Prototype Pollution due to missing sanitization of the merge function. This allows for potential manipulation of the prototype, leading to various security issues...
deepmerge-ts security vulnerability
deepmerge-ts is an npm package. It is used to deep merge 2 or more objects with respect to type information. A security vulnerability exists in versions of deepmerge-ts prior to 2.0.2, which stems from the lack of handling of merge functions and is susceptible to prototype pollution...
Prototype Pollution
ianwalter/merge is vulnerable to prototype pollution. The vulnerability exists in the merge function in merge.js, which allows remote attackers to inject malicious payloads...
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
PT-2022-9397 · Npm · @Ianwalter/Merge +1
Name of the Vulnerable Software and Affected Versions: @ianwalter/merge, all versions. Description: The issue concerns Prototype Pollution via the main merge function. The maintainer suggests using @generates/merger instead, as @ianwalter/merge is deprecated. Recommendations: For all versions,...
Prototype Pollution
dset is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the merge function in merge.js and modify attributes such as `__proto__`, `constructor`, and `prototype`...
Denial Of Service (DoS)
qs is vulnerable to denial of service. The vulnerability exists in merge function in qs.js due to lack of sanitization which allows an attacker to cause an application crash...
CVE-2021-23470
This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...
Hardcoded credentials
This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...
CVE-2021-23470 Prototype Pollution
This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...
merge() can cause lock to fail due to tokenId collision
Handle WatchPug Vulnerability details function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is capped at 128 bits max supply of XDEFI for 10 years locked, total supply of NFTs is capped at 128 bits. return points PoC 1. Alice lock 1 XDEFI for 7 days 3 times got...
Missing noreentrant modifier on merge() and updateDistribution(), can reenter from the _lock()
Handle Fitraldys Vulnerability details Impact A user can call lock that will call lock, that eventually will call safeMint, the safeMint function will make an external call to the destination address through checkOnERC721Received, and since the merge and updateDistribution didn't have noreentrant...
merge is loss of all assets
Handle danb Vulnerability details merge function mints nft, but doesn't add it to positionOf, which makes it worthless, in addition it burns all the nfts of the user which means they lost all assets.
_safeMint Will Fail Due To An Edge Case In Calculating tokenId Using The _generateNewTokenId Function
Handle leastwood Vulnerability details Impact NFTs are used to represent unique positions referenced by the generated tokenId. The tokenId value contains the position's score in the upper 128 bits and the index wrt. the token supply in the lower 128 bits. When positions are unlocked after expirin...