2 matches found
@mlshv/modern-koa-docs (=3.0.2), app-state-inspector (>=0.1.0 <=0.1.2) +106 more potentially affected by unknown CVE via mithril (>=0.1.24 <=1.1.6)
mithril NPM version =0.1.24, =0.1.0, =0.0.4, =1.0.4-alpha.0, =1.0.4-alpha.0, =1.0.4-alpha.0, =1.0.4-alpha.0, =1.0.4-alpha.1, =1.0.4-alpha.0, =1.0.51, =1.0.0, =0.1.1, =0.6.0, =1.0.0-alpha.2, =1.0.0-alpha.2, =1.0.0-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C3PX-V9C7-M734...
GHSA-C3PX-V9C7-M734 Prototype Pollution in mithril
Affected versions of mithrilare vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as proto%5BtoString%5D=123 in...