3 matches found
NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename
NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename vulnerability discovered by ? in WordPress Npm piscina versions = 4.9.2...
piscina: Prototype Pollution Gadget → RCE via inherited options.filename
Summary piscina's constructor and run paths read the filename option via plain member access: js // dist/index.js line 92 constructor const filename = options.filename ? 0, common1.maybeFileURLToPathoptions.filename : null; this.options = ...kDefaultOptions, ...options, filename, maxQueue: 0 ; //...
PT-2026-50733
Name of the Vulnerable Software and Affected Versions piscina versions prior to 6.0.0-rc.2 piscina versions prior to 5.2.0 piscina versions prior to 4.9.3 Description Prototype pollution in the constructor and run paths allows an attacker to control the filename option. When the options object...