2 matches found
CVE-2026-55388 piscina: Prototype Pollution Gadget → RCE via inherited options.filename
piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...
NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename
NPM: piscina: Prototype Pollution Gadget → RCE via inherited options.filename vulnerability discovered by ? in WordPress Npm piscina versions = 4.9.2...