17 matches found
EUVD-2020-1478
Malware in sbrugna...
Prototype Pollution in aheckmann/mquery
✍️ Description mquery is aware of the risk of prototype pollution in its exported functions cloneObject and merge and readily present protection by checking the key in var specialProperties = ['__proto__', 'constructor', 'prototype']. However, the current protection misses to protect another exported...
Prototype Pollution
Overview In mquery before version 3.2.3 there is a prototype pollution vulnerability because a special property e.g., __proto__ can be copied during a merge or clone operation. Recommendation Upgrade to version 3.2.3 or later References - CVE - GitHub Advisory...
CVE-2020-35149
A flaw was found in mquery that allows a prototype pollution attack. This flaw allows an attacker to alter the code behavior by modifying the object prototype. A flaw in the lib/utils.js function allows cloning and merging objects without sanitizing their special properties, such as prototype...
1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +3899 more potentially affected by CVE-2020-35149 via mquery (>=0.2.4 <=3.2.2)
mquery NPM version =0.2.4, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.2.0, =0.0.1, =1.0.16, =1.0.30, =1.0.95 and more Source cves: CVE-2020-35149 Source advisory: OSV:GHSA-45Q2-34RF-MR94...
Code Injection in mquery
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., __proto__ can be copied during a merge or clone operation...
GHSA-45Q2-34RF-MR94 Code Injection in mquery
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., __proto__ can be copied during a merge or clone operation...
Prototype Pollution
mquery is vulnerable to prototype pollution. The vulnerability exists as it does not prevent __proto__, constructor, prototype to be added in a merge or clone operation...
3nit-utils (>=0.24.0 <=1.0.2), @36node/template-service (=0.3.5) +577 more potentially affected by CVE-2020-35149 via mquery (>=3.0.0-rc0 <=3.2.2)
mquery NPM version =3.0.0-rc0, =0.24.0, =0.2.0, =3.7.0, =0.1.17, =1.0.0, =0.0.1, =0.0.2, =5.9.7, =0.7.0, =1.0.33, =2.1.3 and more Source cves: CVE-2020-35149 Source advisory: SNYK:JS-MQUERY-1050858...
Prototype Pollution
Overview mquery is an Expressive query building for MongoDB Affected versions of this package are vulnerable to Prototype Pollution via the merge function within lib/utils.js. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. PoC...
CVE-2020-35149
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., __proto__ can be copied during a merge or clone operation...
CVE-2020-35149
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., __proto__ can be copied during a merge or clone operation...
Information disclosure
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., __proto__ can be copied during a merge or clone operation...
CVE-2020-35149
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., __proto__ can be copied during a merge or clone operation...
CVE-2020-35149
CVE-2020-35149 affects mquery before 3.2.3 via prototype pollution in lib/utils.js, where a special property (e.g., __proto__) can be copied during merge or clone, altering object prototypes. Exploitation is described across sources (NVD, Red Hat advisory, Snyk) as a prototype pollution risk that ca...
Mquery Security Vulnerability
Aheckmann Mquery is a JavaScript-based codebase for efficiently generating MongoDB query statements from the individual developer Aheckmann. A security vulnerability exists in mquery lib/utils.js versions prior to 3.2.3, which allows contamination attacks because a special attribute e.g. __proto__ can...
Mquery - YARA Malware Query Accelerator (Web Frontend)
Ever had trouble searching for particular malware samples? This project is an analyst-friendly web GUI to look through your digital warehouse. mquery can be used to search through terabytes of malware in a blink of an eye: Thanks to the UrsaDB database, queries on large datasets can be extremely...