EUVD-2022-6369

Malicious code in bioql PyPI...

CVE-2020-28471

This affects the package properties-reader before 2.2.0...

CVE-2020-28471

This affects the package properties-reader before 2.2.0...

Design/Logic Flaw

This affects the package properties-reader before 2.2.0...

CVE-2020-28471 Prototype Pollution

This affects the package properties-reader before 2.2.0...

CVE-2020-28471

CVE-2020-28471 affects the Node.js package properties-reader before v2.2.0 and is a prototype pollution vulnerability. Public docs confirm the issue as a prototype pollution in properties-reader, with Bitbucket Data Center/Server references noting the vulnerability in 8.19.x releases and advising...

properties-reader 安全漏洞

properties-reader is a Node.js property reader compatible with ini files by Steve King, a personal developer. A security vulnerability exists in properties-reader prior to version 2.2.0, which stems from the package's susceptibility to prototype contamination, and which can be exploited by an...

GHSA-JXVF-M3X5-MXWQ Properties-Reader before v2.2.0 vulnerable to prototype pollution

Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution. Version 2.2.0 contains a patch for this issue...

@achingbrain/appmetrics-dash (>=4.0.1 <=4.0.2), @adobe/aio-app-scripts (>=0.6.0 <=2.3.0) +190 more potentially affected by CVE-2020-28471 via properties-reader (>=0.0.10 <=2.1.1)

properties-reader NPM version =0.0.10, =4.0.1, =0.6.0, =2.1.0, =1.0.0, =0.3.1, =1.0.3, =0.6.0, =0.0.3, =0.0.2, =0.1.1, =0.2.0, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =0.1.2, =0.0.1, =0.0.10 and more Source cves: CVE-2020-28471 Source advisory: OSV:GHSA-JXVF-M3X5-MXWQ...

Properties-Reader before v2.2.0 vulnerable to prototype pollution

Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution. Version 2.2.0 contains a patch for this issue...

PT-2022-8905 · Unknown · Properties-Reader

Name of the Vulnerable Software and Affected Versions: properties-reader versions prior to 2.2.0 Description: The issue concerns a prototype pollution vulnerability. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents...

Prototype Pollution

Overview properties-reader is a Properties file reader for Node.js Affected versions of this package are vulnerable to Prototype Pollution. PoC by Eugene Lim: payload.properties proto polluted = polluted poc.js: var propertiesReader = require'properties-reader';...

@adobe/aio-app-scripts (>=0.6.0 <=2.3.0), @adobe/aio-cli (>=2.1.0 <=4.0.0) +21 more potentially affected by CVE-2020-28471 via properties-reader (>=2.0.0 <=2.1.1)

properties-reader NPM version =2.0.0, =0.6.0, =2.1.0, =1.0.0, =0.3.1, =1.0.3, =0.6.0, =1.7.0, =0.0.16, =2.0.0, =2.4.1-next.238, =2.0.0-RC1, =2.1.1-next.0, =2.1.1-next.0, =2.2.1-next.5, =2.1.1-next.0, =2.5.2-next.17 and more Source cves: CVE-2020-28471 Source advisory:...

Prototype Pollution in steveukx/properties

Description properties-reader is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js var propertiesReader = require'properties-reader'; console.log"Before : " + .polluted console.log"Before : " + .polluted1 var properties =...

Prototype Pollution

properties-reader is vulnerable to prototype pollution. The vulnerability exists in the PropertiesReader.prototype.set function in properties-reader.js, allowing a malicious user to inject properties into existing construct prototypes and modify attributes such as proto, constructor, and prototyp...