EUVD-2022-1036

Malicious code in bioql PyPI...

Prototype Pollution

object-path-set is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the isValidKey function of index.js and modify attributes such as proto, constructor, and prototype...

Prototype Pollution in object-path-set

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

express-requests-loggly (>=0.1.0 <=0.1.2), mongoose-power-populate (>=1.0.0 <=1.3.4) +5 more potentially affected by CVE-2021-23507 via object-path-set (>=0.0.1 <=0.0.2)

object-path-set NPM version =0.0.1, =0.1.0, =1.0.0, =0.2.3, =0.2.0, =0.1.0, =0.1.0, =1.0.0, =1.1.1 Source cves: CVE-2021-23507 Source advisory: OSV:GHSA-H6PR-C536-6RJG...

GHSA-H6PR-C536-6RJG Prototype Pollution in object-path-set

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVE-2021-23507

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVE-2021-23507

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVE-2021-23507

CVE-2021-23507 affects the npm package object-path-set . Versions before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, enabling an attacker to merge properties into object prototypes. Impact can include denial of service or potential remote code execution, per the provided r...

CVE-2021-23507 Prototype Pollution

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

object-path 安全漏洞

object-path is a personal developer's Npm library for accessing variables in data structures via paths. A security vulnerability exists in object-path-set prior to version 1.0.2, which stems from software that is vulnerable to Prototype Pollution via the setPath method, allowing an attacker to...

Prototype Pollution

Overview object-path-set is a set values in javascript objects by specifying a path Affected versions of this package are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix ...

Prototype Pollution

object-path-set is vulnerable to prototype pollution. The vulnerability exists as it does not prevent the proto header to be set in the object through the constructor...

Node.js third-party modules: [object-path-set] Prototype pollution

I would like to report a prototype pollution vulnerability in object-path-set module. It allows an attacker to inject properties on Object.prototype. Module module name: object-path-set version: 1.0.0 npm page: https://www.npmjs.com/package/object-path-set Module Description set values in...