114 matches found
Uncontrolled Resource Consumption in rdf-graph-array
rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype...
The vulnerability of the Apache Struts software platform lies in the lack of proper control over the modification of dynamically defined object properties, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Struts software framework is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Prototype Pollution
@theia/plugin-ext is vulnerable to prototype pollution. The function mergeContents allows an attacker to get control of value of “path” and modify attributes such as proto, constructor and prototype. An attacker is able to supply a malicious object that causes the function to overwrite properties...
CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands...
Systeminformation Operating System Command Injection Vulnerability
systeminformation is an Npm software library for individual developers individual developers to obtain operating system information. A security vulnerability exists in systeminformation version 4.30.2, which can be exploited by an attacker to override properties and functions of an object, leadin...
CVE-2020-8158
Prototype pollution vulnerability in the TypeORM package 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks...
Node.js third-party modules: [extend-merge] Prototype pollution
I would like to report a prototype pollution vulnerability in extend-merge module. It allows an attacker to inject properties on Object.prototype. Module module name: extend-merge version: 1.0.5 npm page: https://www.npmjs.com/package/extend-merge Module Description Shallow extend and deep merge...
Node.js third-party modules: [keyd] Prototype pollution
I would like to report a prototype pollution vulnerability in keyd module. It allows an attacker to inject properties on Object.prototype. Module module name: keyd version: 1.3.4 npm page: https://www.npmjs.com/package/keyd Module Description A small library for using and manipulating key paths i...
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
Code injection
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
CVE-2019-10808
utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype...
CVE-2019-10808
CVE-2019-10808 affects utilitify prior to 1.0.3. The merge function can facilitate prototype pollution by adding or modifying properties on Object.prototype, enabling attackers to tamper with object hierarchies. This is documented across multiple sources (GHSA/Snyk and vendor advisories). remedia...
[SECURITY] Fedora 30 Update: nodejs-mixin-deep-1.3.2-1.fc30
Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone...
CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads...
CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads...
CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads...
assign-deep Vulnerable to Prototype Pollution
Versions of assign-deep prior to 1.0.1 and 0.4.8 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
Prototype Pollution
Overview Versions of deeply prior to 1.0.1 are vulnerable to Prototype Pollution. The package fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. Recommendation...
Prototype Pollution
Overview Versions of assign-deep prior to 1.0.1 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...