Lucene search
+L

114 matches found

Github Security Blog
Github Security Blog
added 2021/04/13 3:23 p.m.48 views

Uncontrolled Resource Consumption in rdf-graph-array

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype...

5.3CVSS2.3AI score0.01071EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.8 views

The vulnerability of the Apache Struts software platform lies in the lack of proper control over the modification of dynamically defined object properties, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Struts software framework is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.4AI score0.97399EPSS
Exploits15References5Affected Software3
Veracode
Veracode
added 2021/01/28 3:42 a.m.14 views

Prototype Pollution

@theia/plugin-ext is vulnerable to prototype pollution. The function mergeContents allows an attacker to get control of value of “path” and modify attributes such as proto, constructor and prototype. An attacker is able to supply a malicious object that causes the function to overwrite properties...

4AI score
Exploits0
Debian CVE
Debian CVE
added 2020/11/26 10:40 a.m.12 views

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...

7.5CVSS5.8AI score0.02393EPSS
Exploits1
CNNVD
CNNVD
added 2020/11/26 12:0 a.m.7 views

Systeminformation Operating System Command Injection Vulnerability

systeminformation is an Npm software library for individual developers individual developers to obtain operating system information. A security vulnerability exists in systeminformation version 4.30.2, which can be exploited by an attacker to override properties and functions of an object, leadin...

7.5CVSS7.2AI score0.02393EPSS
Exploits1References8
NVD
NVD
added 2020/09/18 9:15 p.m.12 views

CVE-2020-8158

Prototype pollution vulnerability in the TypeORM package 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks...

9.8CVSS0.0212EPSS
Exploits2References1
Hacker One
Hacker One
added 2020/05/19 7:34 p.m.22 views

Node.js third-party modules: [extend-merge] Prototype pollution

I would like to report a prototype pollution vulnerability in extend-merge module. It allows an attacker to inject properties on Object.prototype. Module module name: extend-merge version: 1.0.5 npm page: https://www.npmjs.com/package/extend-merge Module Description Shallow extend and deep merge...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2020/05/18 7:58 p.m.64 views

Node.js third-party modules: [keyd] Prototype pollution

I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...

0.8AI score
Exploits0
NVD
NVD
added 2020/03/12 11:15 p.m.24 views

CVE-2020-7600

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

5.3CVSS5.9AI score0.01127EPSS
Exploits1References2
Prion
Prion
added 2020/03/12 11:15 p.m.15 views

Code injection

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

5CVSS6.2AI score0.01127EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/03/12 10:25 p.m.33 views

CVE-2020-7600

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...

5.6AI score0.01127EPSS
Exploits1References2
NVD
NVD
added 2020/03/11 11:15 p.m.29 views

CVE-2019-10808

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...

8.8CVSS8.6AI score0.02044EPSS
Exploits1References2
CVE
CVE
added 2020/03/11 10:5 p.m.95 views

CVE-2019-10808

CVE-2019-10808 affects utilitify prior to 1.0.3. The merge function can facilitate prototype pollution by adding or modifying properties on Object.prototype, enabling attackers to tamper with object hierarchies. This is documented across multiple sources (GHSA/Snyk and vendor advisories). remedia...

8.8CVSS8.6AI score0.02044EPSS
Exploits1References2Affected Software1
Fedora
Fedora
added 2020/02/08 1:39 a.m.39 views

[SECURITY] Fedora 30 Update: nodejs-mixin-deep-1.3.2-1.fc30

Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone...

9.8CVSS3AI score0.03508EPSS
Exploits1
NVD
NVD
added 2019/12/20 11:15 p.m.16 views

CVE-2019-19919

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads...

9.8CVSS9.8AI score0.07066EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/12/20 11:15 p.m.121 views

CVE-2019-19919

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads...

9.8CVSS7AI score0.07066EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/12/20 10:50 p.m.31 views

CVE-2019-19919

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads...

9.8CVSS8.5AI score0.07066EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2019/08/21 4:15 p.m.37 views

assign-deep Vulnerable to Prototype Pollution

Versions of assign-deep prior to 1.0.1 and 0.4.8 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

7.5CVSS5.5AI score0.01142EPSS
Exploits1References6Affected Software1
Node.js
Node.js
added 2019/06/28 8:9 p.m.34 views

Prototype Pollution

Overview Versions of deeply prior to 1.0.1 are vulnerable to Prototype Pollution. The package fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. Recommendation...

7.5CVSS4.5AI score0.01691EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2019/06/20 3:1 p.m.28 views

Prototype Pollution

Overview Versions of assign-deep prior to 1.0.1 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...

5CVSS4.5AI score0.01142EPSS
Exploits1Affected Software1
Rows per page
Query Builder