2 matches found
Prototype Pollution
Overview @mikro-orm/core is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the...
PT-2022-7147 · Json5 +4
Name of the Vulnerable Software and Affected Versions: json5 versions 1.0.1 and earlier; json5 versions 2.2.1 and earlier. Description: The parse method of the json5 library does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting...