25 matches found
GHSA-FPM5-VV97-JFWG Uncontrolled Resource Consumption in firebase
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program...
VulnCheck KEV: CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...
Prototype Pollution in immer
Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit js const applyPatches, enablePatches = require"immer"; enablePatches; let obj = ; console.log"Before : " + obj.polluted; applyPatches, op: 'add', path: "proto", "polluted" , value: "yes" ; // applyPatches,...
Django -- AdminURLFieldWidget XSS
Django security releases issued: The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickabl...
JQuery < 3.4.0 Object Prototype Pollution Vulnerability
The version of JQuery library hosted on the remote web server is prior to 3.4.0. It is, therefore, affected by an object pollution vulnerability in jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could exte...