Lucene search
+L

25 matches found

OSV
OSV
added 2021/05/18 1:57 a.m.52 views

GHSA-FPM5-VV97-JFWG Uncontrolled Resource Consumption in firebase

This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...

5.3CVSS5.2AI score0.00562EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2021/01/21 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.8AI score0.87218EPSS
Exploits4References1
Github Security Blog
Github Security Blog
added 2021/01/20 9:27 p.m.165 views

Prototype Pollution in immer

Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit js const applyPatches, enablePatches = require"immer"; enablePatches; let obj = ; console.log"Before : " + obj.polluted; applyPatches, op: 'add', path: "proto", "polluted" , value: "yes" ; // applyPatches,...

7.5CVSS8.4AI score0.02293EPSS
Exploits1References8Affected Software1
FreeBSD
FreeBSD
added 2019/06/03 12:0 a.m.66 views

Django -- AdminURLFieldWidget XSS

Django security releases issued: The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickabl...

1.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/05/10 12:0 a.m.164 views

JQuery < 3.4.0 Object Prototype Pollution Vulnerability

The version of JQuery library hosted on the remote web server is prior to 3.4.0. It is, therefore, affected by an object pollution vulnerability in jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could exte...

6.1CVSS6.8AI score0.87218EPSS
Exploits4References2
Rows per page
Query Builder