55 matches found
GHSA-2G4C-8FPM-C46V web3-utils Prototype Pollution vulnerability
Impact: The mergeDeep function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing careful...
CVE-2024-21505
CVE-2024-21505 affects the web3-utils package: versions prior to 4.2.1 are vulnerable to a Prototype Pollution issue in the recursive merge via the helper functions format and mergeDeep . An attacker can alter an object’s prototype, potentially changing behavior of all objects inheriting from it....
CVE-2024-21505
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...
CVE-2024-21505
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...
PT-2024-18920 · Unknown · Web3-Utils
Name of the Vulnerable Software and Affected Versions: web3-utils versions prior to 4.2.1 Description: The issue concerns Prototype Pollution via the utility functions format and mergeDeep due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to th...
GHSA-J28Q-P8WW-CP87 Prototype Pollution in merge-deep2.
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
Prototype Pollution in merge-deep2.
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
CVE-2021-23700
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
Design/Logic Flaw
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
CVE-2021-23700
CVE-2021-23700 affects the npm package merge-deep2, with prototype pollution via the mergeDeep() function. All versions are vulnerable to injecting properties into Object.prototype through unsafe recursive merge or path-based property assignment, enabling potential DoS or remote code execution in...
CVE-2021-23700 Prototype Pollution
All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep function...
merge-deep 代码问题漏洞
merge-deep is an open source tool . It is used to recursively merge values in JavaScript objects. A code issue vulnerability exists in Nerge-deep2 that stems from the product's susceptibility to prototype contamination by the mergeDeep function. The following products and versions are affected:...
comb 代码问题漏洞
comb is a node framework that provides a one-stop shop for frequently needed utilities. A code issue exists in Comb where the product is susceptible to prototype contamination from the mergeDeep function. The following products and versions are affected:...
Prototype Pollution
typeorm is vulnerable to prototype pollution. The mergeDeep function of OrmUtils.ts fails to validate the Object key value ...sources parameter, allowing an attacker to perform prototype pollution attacks by providing built-in properties such as proto...
Prototype Pollution
utilitify causes prototype pollution. The vulnerability exists as it allows the proto property to be merged through the mergeDeep function...