4 matches found
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
Prototype Pollution
Overview flatnest is a Flatten/Nest Javascript objects. Affected versions of this package are vulnerable to Prototype Pollution via the nest function in the flatnest/nest.js file. Details Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to...
Prototype Pollution
Overview dot-notes is a Two way conversions between objects and dot/bracket notation Affected versions of this package are vulnerable to Prototype Pollution via the create function. POC: const dots = require'dot-notes'; dots.create, 'proto.polluted', true; console.logpolluted; Details Prototype...
Prototype Pollution
Overview flat is a Take a nested Javascript object and flatten it, or unflatten an object with delimited keys Affected versions of this package are vulnerable to Prototype Pollution. PoC var unflatten = require'flat'.unflatten; unflatten 'proto.polluted': true ; console.logpolluted; // true Detai...