12 matches found

Veracode
added 2024/03/05 8:16 a.m., 21 views

Object Constructor And Prototype Override

jsonata is vulnerable to Object Constructor And Prototype Override. The vulnerability is due to a malicious expression leveraging the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution, or other unexpected...

CVSS 9.8, AI score 7.7, EPSS 0.00888
Exploits: 0
Positive Technologies
added 2024/02/28 12:0 a.m., 2 views

PT-2024-2194

Name of the Vulnerable Software and Affected Versions: JSONata versions 1.4.0 through 1.8.6; JSONata versions 2.0.0 through 2.0.3. Description: A malicious expression can use the transform operator to override properties on the Object constructor and prototype, potentially leading to denial of servic...

CVSS 10, AI score 8.8, EPSS 0.00888
Exploits: 0, References: 23
Veracode
added 2023/10/20 2:20 a.m., 15 views

Prototype Pollution

deobfuscator is vulnerable to Prototype Pollution. This vulnerability allows an attacker to modify the prototype of the Object constructor via the LiteralMap transformer, which could then be used to execute arbitrary code on the victim's system...

CVSS 8.1, AI score 7.7, EPSS 0.00165
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2020/11/09 3:15 p.m., 1 view

CVE-2020-8268

Prototype pollution vulnerability in json8-merge-patch npm package 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 1
NVD
added 2020/11/09 3:15 p.m., 8 views

CVE-2020-8268

Prototype pollution vulnerability in json8-merge-patch npm package 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor...

CVSS 7.5, AI score 7.4, EPSS 0.00175
Exploits: 1, References: 1
Cvelist
added 2020/11/09 2:6 p.m., 11 views

CVE-2020-8268

Prototype pollution vulnerability in json8-merge-patch npm package 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor...

AI score 7.4, EPSS 0.00175
Exploits: 1, References: 1
RedHat Linux
added 2006/08/02 6:39 p.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

CVSS 7.5, AI score 7.8, EPSS 0.28858
Exploits: 0, References: 4
RedHat Linux
added 2006/07/29 12:16 a.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

CVSS 7.5, AI score 7.8, EPSS 0.28858
Exploits: 0, References: 4
RedHat Linux
added 2006/07/28 11:22 p.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

CVSS 7.5, AI score 7.8, EPSS 0.28858
Exploits: 0, References: 4
RedHat Linux
added 2006/07/27 7:53 p.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

CVSS 7.5, AI score 7.8, EPSS 0.28858
Exploits: 0, References: 4
OSV
added 2006/07/27 7:4 p.m., 1 view

DEBIAN-CVE-2006-3807

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the...

CVSS 7.5, AI score 8.8, EPSS 0.28858
Exploits: 0, References: 1
Mozilla
added 2006/07/25 12:0 a.m., 33 views

Privilege escalation using named-functions and redefined "new Object()" — Mozilla

mozbugra4 discovered that named JavaScript functions have a parent object created using the standard Object constructor (ECMA-specified behavior) and that this constructor can be redefined by script (also ECMA-specified behavior). If the Object constructor is changed to return a reference to a...

CVSS 7.5, AI score 8.9, EPSS 0.28858
Exploits: 0, References: 1, Affected Software: 3