shvl vulnerable to prototype pollution

Overview Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Details The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set' did not check for the...

GHSA-WG6G-PPVX-927H Prototype Pollution in cached-path-relative

The package cached-path-relative before 1.1.0 is vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative...

CVE-2021-23518

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative...

CVE-2021-23518 Prototype Pollution

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative...

CVE-2021-23518

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative...

Google Chrome 67 / 68 / 69 Object.create Type Confusion Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 67, 68 and 69 Object.create exploit', 'Description' = %q This modules exploits a type confusion in Google Chromes JIT compiler. The...

Google Chrome 67, 68 and 69 Object.create exploit

This modules exploits a type confusion in Google Chromes JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process. This module can target the render...

Chrome: V8: JIT: JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null"

I think this commit has introduced the bug. https://chromium.googlesource.com/v8/v8/+/ff7063c7d5d8ad8eafcce3da59e65d7fe2b4f915%5E%21/F2 According to the description, Object.create is supposed to be inlined only when the prototype given as the parameter is "null". The following check has to...

Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is _null_

Chrome V8 JIT - JSBuiltinReducer::ReduceObjectCreate Fails to Ensure that the Prototype is null / I think this commit has introduced the bug. https://chromium.googlesource.com/v8/v8/+/ff7063c7d5d8ad8eafcce3da59e65d7fe2b4f915%5E%21/F2 According to the description, Object.create is supposed to be...

Chrome V8 JIT JSBuiltinReducer::ReduceObjectCreate NULL Check Fail Exploit

Exploit for multiple platform in category dos / poc Chrome: V8: JIT: JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null" I think this commit has introduced the bug. https://chromium.googlesource.com/v8/v8/+/ff7063c7d5d8ad8eafcce3da59e65d7fe2b4f915%5E%21/F2 According ...