Lucene search
K

55 matches found

OSV
OSV
added 2024/03/27 9:57 p.m.14 views

GHSA-2G4C-8FPM-C46V web3-utils Prototype Pollution vulnerability

Impact: The mergeDeep function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing careful...

7.5CVSS7.4AI score0.00712EPSS
Exploits0References5
CVE
CVE
added 2024/03/25 5:0 a.m.61 views

CVE-2024-21505

CVE-2024-21505 affects the web3-utils package: versions prior to 4.2.1 are vulnerable to a Prototype Pollution issue in the recursive merge via the helper functions format and mergeDeep . An attacker can alter an object’s prototype, potentially changing behavior of all objects inheriting from it....

7.5CVSS7.5AI score0.00712EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/25 5:0 a.m.20 views

CVE-2024-21505

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...

7.5CVSS7.8AI score0.00712EPSS
Exploits0References2
OSV
OSV
added 2024/03/25 5:0 a.m.13 views

CVE-2024-21505

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...

7.5CVSS7.1AI score0.00712EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/24 12:0 a.m.3 views

PT-2024-18920 · Unknown · Web3-Utils

Name of the Vulnerable Software and Affected Versions: web3-utils versions prior to 4.2.1 Description: The issue concerns Prototype Pollution via the utility functions format and mergeDeep due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to th...

7.5CVSS7.2AI score0.00712EPSS
Exploits0References12
OSV
OSV
added 2021/12/16 2:33 p.m.3 views

GHSA-J28Q-P8WW-CP87 Prototype Pollution in merge-deep2.

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...

6.5CVSS5.9AI score0.01171EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/12/16 2:33 p.m.27 views

Prototype Pollution in merge-deep2.

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...

9.8CVSS4.7AI score0.01171EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/12/10 8:15 p.m.16 views

CVE-2021-23700

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...

9.8CVSS0.01171EPSS
Exploits1References1
Prion
Prion
added 2021/12/10 8:15 p.m.10 views

Design/Logic Flaw

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...

7.5CVSS9.4AI score0.01171EPSS
Exploits1References1
CVE
CVE
added 2021/12/10 8:5 p.m.39 views

CVE-2021-23700

CVE-2021-23700 affects the npm package merge-deep2, with prototype pollution via the mergeDeep() function. All versions are vulnerable to injecting properties into Object.prototype through unsafe recursive merge or path-based property assignment, enabling potential DoS or remote code execution in...

9.8CVSS8AI score0.01171EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/10 8:5 p.m.21 views

CVE-2021-23700 Prototype Pollution

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...

6.5CVSS9.7AI score0.01171EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.3 views

merge-deep 代码问题漏洞

merge-deep is an open source tool . It is used to recursively merge values in JavaScript objects. A code issue vulnerability exists in Nerge-deep2 that stems from the product's susceptibility to prototype contamination by the mergeDeep function. The following products and versions are affected:...

9.8CVSS8.4AI score0.01171EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.4 views

comb 代码问题漏洞

comb is a node framework that provides a one-stop shop for frequently needed utilities. A code issue exists in Comb where the product is susceptible to prototype contamination from the mergeDeep function. The following products and versions are affected:...

9.8CVSS8.4AI score0.01171EPSS
Exploits1References1
Veracode
Veracode
added 2020/07/27 4:17 a.m.20 views

Prototype Pollution

typeorm is vulnerable to prototype pollution. The mergeDeep function of OrmUtils.ts fails to validate the Object key value ...sources parameter, allowing an attacker to perform prototype pollution attacks by providing built-in properties such as proto...

9.8CVSS3.3AI score0.0212EPSS
Exploits2References3Affected Software1
Veracode
Veracode
added 2020/03/12 4:22 a.m.23 views

Prototype Pollution

utilitify causes prototype pollution. The vulnerability exists as it allows the proto property to be merged through the mergeDeep function...

8.8CVSS8.5AI score0.02044EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder