11 matches found
Malicious code in canvas-nest.js (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4131 Malicious code in canvas-nest.js (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: @nestjs/core is a Nest - modern, fast, powerful node.js web framework (@core). Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the SseStream.transform function. An attacker can inject...
EUVD-2023-1736
Malicious code in bioql PyPI...
CVE-2023-26135
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest function in the flatnest/nest.js file...
WordPress Canvas-Nest.js Plugin <= 1.0.1 is vulnerable to Backdoor
Software: Canvas-Nest.js; Type: Plugin; Vulnerable versions: = 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: N/A; Patch priority: Low; CVSS severity: Low 5.3; PSID: 5b218a741bed; Credits: Sansec.io; Required privilege: Unauthenticated; Published: 3 July, 2024...
Prototype Pollution
flatnest is vulnerable to Prototype Pollution. An attacker can inject properties into existing prototypes via the nest function of nest.js and modify attributes such as __proto__, constructor, and prototype in the obj parameter, resulting in Prototype Pollution...
CVE-2023-26135
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest function in the flatnest/nest.js file...
CVE-2023-26135
CVE-2023-26135 affects all versions of the flatnest package via the nest() function in flatnest/nest.js, enabling prototype pollution. The vulnerability is described across multiple feeds (Red Hat, GHSA, OSV, NVD, etc.), with the core risk being unauthorized modification of object properties at r...
PT-2023-20514 · Flatnest · Flatnest
Name of the Vulnerable Software and Affected Versions: flatnest versions all Description: The issue concerns Prototype Pollution via the nest function in the flatnest/nest.js file. This affects all versions of the package flatnest. Recommendations: For all versions, consider disabling the nest...
flatnest security vulnerability
flatnest is a library by the individual developer Bryce Baril. A security vulnerability exists in flatnest that allows prototype pollution via the nest function in the flatnest/nest.js file...