Prototype Pollution

Overview org.webjars.npm:redoc is an OpenAPI/Swagger-generated API Reference Documentation. Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects method in utils/helpers.ts due to improper user input sanitization. PoC js async = const lib = await...

CVE-2024-39012

ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

PT-2024-28321 · Unknown · Chargeover Redoc

Name of the Vulnerable Software and Affected Versions: chargeover redoc version 2.0.9-rc.69 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service DoS and have other impacts via the mergeObjects function. Recommendations: For chargeover redoc version...

CasperJS Input Validation Error Vulnerability

CasperJS is a navigation script and test utility for the PhantomJS and SlimerJS browsers. An input validation error vulnerability exists in the 'mergeObjects' function in all versions of CasperJS. An attacker can exploit this vulnerability to execute arbitrary code...