EUVD-2022-1091

Malicious code in bioql PyPI...

Prototype Pollution

object-extend is vulnerable to prototype pollution. The vulnerability exists in extend function of extend.js which allows an attacker to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

Prototype Pollution in object-extend

The package object-extend from 0.0.0 through 0.5.0 is vulnerable to Prototype Pollution via object-extend...

GHSA-M639-9WHG-FW97 Prototype Pollution in object-extend

The package object-extend from 0.0.0 through 0.5.0 is vulnerable to Prototype Pollution via object-extend...

CVE-2021-23702

The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend...

CVE-2021-23702

The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend...

CVE-2021-23702

CVE-2021-23702 relates to a Prototype Pollution vulnerability in the object-extend package. Public documentation across multiple sources confirms the flaw exists in the extend function of object-extend, enabling an attacker to inject properties into Object.prototype (e.g., via proto ), potentiall...

CVE-2021-23702 Prototype Pollution

The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend...

Prototype JavaScript framework 代码注入漏洞

Prototype JavaScript framework prototypejs is a JavaScript development framework. A code injection vulnerability exists in Prototype JavaScript framework, which stems from the vulnerability of object-extend to prototype contamination from version 0.0.0 onwards...

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via object-extend. PoC js const extend = require"object-extend"; const payload = JSON.parse'"proto":"isAdmin":"yes"'; extend, payload; const obj = "a":1; console.logobj.isAdmin // print yes on arbitrary objects since...