EUVD-2021-1182

Malware in sbrugna...

Prototype Pollution in promisehelpers

All versions of package promisehelpers up to and including version 0.0.5 are vulnerable to Prototype Pollution via the insert function...

GHSA-RJ5F-7C8X-GJG4 Prototype Pollution in promisehelpers

All versions of package promisehelpers up to and including version 0.0.5 are vulnerable to Prototype Pollution via the insert function...

Prototype Pollution

promisehelpers is vulnerable to prototype pollution. The vulnerability exists as the insert function does not restrict proto headers to be set in objects...

CVE-2020-7723

All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...

Code injection

All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...

CVE-2020-7723

CVE-2020-7723 affects the JavaScript package promisehelpers. All versions prior to 0.0.6 are vulnerable to prototype pollution via the insert function, enabling an attacker to inject properties into Object.prototype (e.g., through proto ). Documented impacts include potential denial of service an...

CVE-2020-7723 Prototype Pollution

All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...

PT-2020-19744 · Unknown · Promisehelpers

Name of the Vulnerable Software and Affected Versions: promisehelpers versions prior to 0.0.6 Description: The issue concerns Prototype Pollution via the insert function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 0.0.6, update to version...

Prototype Pollution

Overview promisehelpers is a Promise helper functions Affected versions of this package are vulnerable to Prototype Pollution via the insert function. POC: const promisehelpers = require'promisehelpers'; var obj = ; promisehelpers.insert'proto', 'polluted', trueobj; console.logpolluted; // true...