EUVD-2024-0786

Malicious code in bioql PyPI...

Prototype Pollution

set-in is vulnerable to prototype pollution. An attacker is able to inject malicious property types via setIn method and merge object prototypes into it, resulting in prototype pollution vulnerability...

GHSA-FP82-2H99-3FPP Prototype Pollution in async merge-object

The utilities function in all versions of the merge-object node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...

cyclejs-group (>=0.3.0 <=1.0.0), fetch-rancher-metadata (>=1.0.9 <=1.0.10) +1 more potentially affected by CVE-2018-3753 via merge-object (=1.0.0)

merge-object NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on merge-object and may be impacted: - cyclejs-group =0.3.0, =1.0.9, =1.0.0, =1.0.4 Source cves: CVE-2018-3753 Source advisory: OSV:GHSA-FP82-2H99-3FPP...

Prototype Pollution in async merge-object

The utilities function in all versions of the merge-object node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...