EUVD-2021-1131

Malware in sbrugna...

GHSA-M428-JQC4-2P5J Prototype Pollution in phpjs

All versions of phpjs up to and including 1.3.2 are vulnerable to Prototype Pollution via parsestr. phpjs is no longer maintained and users are advised to use Locutus as a replacement https://github.com/locutusjs/locutus...

@blueprintjs/docs (>=1.0.0 <=1.3.1), @frctl/twig (>=1.0.0-alpha.0 <=1.0.0-beta.2) +101 more potentially affected by CVE-2020-7700 via phpjs (>=0.0.1 <=1.3.2)

phpjs NPM version =0.0.1, =1.0.0, =1.0.0-alpha.0, =0.3.16, =1.2.7, =0.1.3, =1.0.1, =1.0.0, =0.7.0, =0.0.1, =0.0.9, =0.0.1-alpha.1, =0.0.1, =0.0.7 and more Source cves: CVE-2020-7700 Source advisory: OSV:GHSA-M428-JQC4-2P5J...

Prototype Pollution

phpjs is vulnerable to prototype pollution. An attacker is able to add and modify properties of Object.prototype using a proto payload...

@blueprintjs/docs (>=1.0.0 <=1.3.1), @frctl/twig (>=1.0.0-alpha.0 <=1.0.0-beta.2) +101 more potentially affected by CVE-2020-7700 via phpjs (>=0.0.1 <=1.3.2)

phpjs NPM version =0.0.1, =1.0.0, =1.0.0-alpha.0, =0.3.16, =1.2.7, =0.1.3, =1.0.1, =1.0.0, =0.7.0, =0.0.1, =0.0.9, =0.0.1-alpha.1, =0.0.1, =0.0.7 and more Source cves: CVE-2020-7700 Source advisory: SNYK:JS-PHPJS-598681...

PT-2020-19723 · Phpjs · Phpjs

Name of the Vulnerable Software and Affected Versions: phpjs versions prior to 1.3.2 and possibly later, as all versions are mentioned as vulnerable in one source, but another source specifies up to 1.3.2. Description: The issue concerns Prototype Pollution via the parse str function. This affect...