20 matches found
EUVD-2018-0455
Malware in sbrugna...
Prototype Pollution
Overview org.webjars:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await import'redoc';...
Prototype Pollution
Overview org.webjars.bower:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await...
GHSA-28MC-G557-92M7 @75lb/deep-merge Prototype Pollution vulnerability
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...
GHSA-VRR3-5R3V-7XFW Improperly Controlled Modification of Dynamically-Determined Object Attributes in casperjs
Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects utility function. PoC js var payload = JSON.parse'"proto": "a": "pwned"'; mergeObjects, payload; console.log.a; //...
Prototype Pollution in yowainwright/common-utilities
Description @common-utilities/merge-objects is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var a = require"@common-utilities/merge-objects" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " +...
basic-read-config (>=1.0.2 <=1.0.3), blockchain-profile (>=0.1.0 <=0.3.2) +8 more potentially affected by unknown CVE via merge-objects (=1.0.5)
merge-objects NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on merge-objects and may be impacted: - basic-read-config =1.0.2, =0.1.0, =0.0.5, =0.3.0, =0.0.1, =1.1.4, =1.4.0, =0.1.0, =0.0.1, =0.5.3 Source cves: unknown CVE Source...
Prototype Pollution in merge-objects
All versions of merge-objects are vulnerable to Prototype Pollution. Recommendation No fix is available for this vulnerability at this time. It is our recommendation to use an alternative package...
GHSA-992F-WF4W-X36V Prototype Pollution in merge-objects
All versions of merge-objects are vulnerable to Prototype Pollution. Recommendation No fix is available for this vulnerability at this time. It is our recommendation to use an alternative package...
CVE-2020-7679
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution...
Prototype Pollution
Overview casperjs is a navigation scripting & testing utility for PhantomJS and SlimerJS. Affected versions of this package are vulnerable to Prototype Pollution. The mergeObjects utility function is susceptible to Prototype Pollution. PoC by Snyk var payload = JSON.parse'"proto": "a": "pwned"';...
PT-2020-19702 · Casperjs Team · Casperjs
Name of the Vulnerable Software and Affected Versions: casperjs (affected versions not specified). Description: The issue concerns a Prototype Pollution vulnerability via the mergeObjects utility function in casperjs, a navigation scripting and testing utility for PhantomJS and SlimerJS. Th...
Prototype Pollution
Overview All versions of merge-objects are vulnerable to Prototype Pollution. Recommendation No fix is available for this vulnerability at this time. It is our recommendation to use an alternative package. References - HackerOne Report - GitHub Advisory...
CVE-2018-3753
The utilities function in all versions = 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3753
The utilities function in all versions = 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
Code injection
The utilities function in all versions = 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3753
The utilities function in all versions = 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3753
The CVE-2018-3753 issue affects the merge-objects module (versions
Prototype Pollution
merge-objects is vulnerable to prototype pollution attacks. The vulnerability exists as the utility function allows modifying the prototype of Object...
Node.js third-party modules: Prototype pollution attack (merge-objects)
As discussed in 309391, here's the separate report for each of the libraries. This one is the information for the merge-objects library. Module: merge-object Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker controls part ...