EUVD-2021-0969

Malware in sbrugna...

Prototype Pollution in property-expr

Overview property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. Recommendation Upgrade to version 2.0.3 or later References - CVE - GitHub Advisory...

@1337lawyers/design (>=0.1.0 <=0.12.14), @1337lawyers/gatsby-theme-1337 (=0.0.1) +1449 more potentially affected by CVE-2020-7707 via property-expr (>=1.0.1 <=2.0.2)

property-expr NPM version =1.0.1, =0.1.0, =1.0.0, =0.0.1-alpha.82, =1.0.0, =1.0.12-alpha.0, =1.0.12-alpha.0, =1.0.0, =1.1.0, =1.3.24-alpha.0, =0.0.1-alpha.1, =2.149.0, =2.152.0 - @amorist/gatsby-theme-antd =1.0.0 - @andersonbarros/strapi-plugin-content-type-builder =3.0.0-beta.16.8-0 and more...

Prototype Pollution in property-expr

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function...

Prototype Pollution

property-expr is vulnerable to prototype pollution. An attacker is able to add and modify properties of Object.prototype using a proto payload...

CVE-2020-7707

CVE-2020-7707 affects the Node.js property-expr module (versions before 2.0.3). Root cause is a prototype pollution flaw in the setter function, enabling remote attackers to execute arbitrary code. Affected: property-expr

PT-2020-6067 · Unknown · Property-Expr

Name of the Vulnerable Software and Affected Versions: property-expr versions prior to 2.0.3 Description: The issue is related to Prototype Pollution via the setter function. It may allow a remote attacker to perform a prototype pollution attack by exploiting uncontrolled modification of object...

Node.js third-party modules: property-expr - Prototype pollution

I would like to report Prototype pollution in property-expr It allows attacker to modify the prototype of a base object. Module module name: property-expr version: 2.0.2 npm page: https://www.npmjs.com/package/property-expr Module Description Tiny property path utilities, including path parsing a...