13 matches found
Prototype Pollution
Overview: elysia is an Ergonomic Framework for Human. Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function after merging results of two standard schema validations with the same key. An attacker can achieve remote code execution by supplying crafted inp...
elysia security vulnerability
elysia is an open-source framework. A security vulnerability exists in elysia versions 1.4.0 through 1.4.16, which stems from prototype pollution in the mergeDeep function and could lead to remote code execution...
Prototype Pollution
@abip/sp-common is vulnerable to Prototype Pollution. The vulnerability is due to the function mergeDeep, which allows attackers to inject arbitrary properties. The attacker can execute arbitrary code or cause a Denial of Service (DoS) as a result...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: org.webjars.npm:ag-grid-enterprise is an Advanced Data Grid / Data Table supporting Javascript / Typescript / React / Angular / Vue. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep...
PT-2024-28311 · Unknown · Ag-Grid-Community +1
Name of the Vulnerable Software and Affected Versions: ag-grid-community version 31.3.2; ag-grid-enterprise version 31.3.2. Description: The issue is related to a prototype pollution via the .mergeDeep function, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS) by...
PT-2024-18920 · Unknown · Web3-Utils
Name of the Vulnerable Software and Affected Versions: web3-utils versions prior to 4.2.1. Description: The issue concerns Prototype Pollution via the utility functions format and mergeDeep due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to th...
GHSA-J28Q-P8WW-CP87 Prototype Pollution in merge-deep2.
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
Design/Logic Flaw
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
CVE-2021-23700 Prototype Pollution
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
merge-deep code issue vulnerability
merge-deep is an open source tool. It is used to recursively merge values in JavaScript objects. A code issue vulnerability exists in merge-deep2 that stems from the product's susceptibility to prototype pollution via the mergeDeep function. The following products and versions are affected:...
comb code issue vulnerability
comb is a node framework that provides a one-stop shop for frequently needed utilities. A code issue exists in comb where the product is susceptible to prototype pollution via the mergeDeep function. The following products and versions are affected:...
Prototype Pollution
typeorm is vulnerable to prototype pollution. The mergeDeep function of OrmUtils.ts fails to validate the Object key value ...sources parameter, allowing an attacker to perform prototype pollution attacks by providing built-in properties such as proto...
Prototype Pollution
utilitify causes prototype pollution. The vulnerability exists as it allows the __proto__ property to be merged through the mergeDeep function...