11 matches found
Prototype Pollution
Overview locutus is a Locutus other languages' standard libraries to JavaScript for fun and educational purposes. Affected versions of this package are vulnerable to Prototype Pollution in the unserialize function. An attacker can inject arbitrary properties into the prototype of deserialized...
Prototype Pollution
Overview hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Prototype Pollution in parseBody, when the dot option is enabled. An attacker can supply objects with __proto__ properties, which may later be merged by other functions in the application,...
Prototype Pollution
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing ...
Prototype Pollution
devalue is vulnerable to prototype pollution. The vulnerability is due to devalue.parse not validating that an index is numeric, which allows an attacker to pass a crafted string with a __proto__ property to assign prototypes to objects and properties...
Prototype Pollution
Overview org.webjars.npm:linkifyjs is a Find URLs, email addresses, hashtags and @mentions in plain-text strings, then convert them into HTML links. Affected versions of this package are vulnerable to Prototype Pollution via the internal assign helper due to improper filtering of the __proto__...
Prototype Pollution
Overview tough-cookie is an RFC6265 Cookies and CookieJar module for Node.js. Affected versions of this package are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. Due to an issue with the manner in which the objects ar...
Prototype Pollution
Overview bmoor is a basic foundation for other libraries, establishing useful patterns, and letting them be more. Affected versions of this package are vulnerable to Prototype Pollution due to missing sanitization in the set function. Note: This vulnerability derives from an incomplete fix in...
Prototype Pollution
Overview mootools is a library for web development, with support for OOP. Affected versions of this package are vulnerable to Prototype Pollution. This is due to the ability to pass untrusted input to Object.merge. PoC: require"mootools" Object.merge, JSON.parse""proto": "vulnerable": true"...
Prototype Pollution
Overview prototyped.js is a Common typescript ready prototypes available in both es5 and es6. Affected versions of this package are vulnerable to Prototype Pollution. PoC const set = require"prototyped.js/dist/object/set".default; console.log"Prototype before set", .isAdmin; set, "proto.isAdmin",...
Prototype Pollution
Overview multi-ini is an ini-file parser which supports multi line, multiple levels and arrays to get a maximum of compatibility with Zend config files. Affected versions of this package are vulnerable to Prototype Pollution. It is possible to pollute an object's prototype by specifying the __proto__...
Prototype Pollution
Overview tiny-conf is a Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC const tinyConf =...