38 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__...

CVSS 7.5 · AI score 7.4 · EPSS 0.01543
Exploits 2 · References 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2020-7608

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yargs-parser could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. CVE-2020-7608 Note that Nessus relies on the presen...

CVSS 5.3 · AI score 6.7 · EPSS 0.00126
Exploits 1 · References 2

RedHat Linux
added 2025/02/24 12:8 a.m. · 4 views

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

RedHat Linux
added 2023/03/30 1:6 p.m. · 0 views

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

RedHat Linux
added 2023/03/01 9:45 p.m. · 1 view

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

OSV
added 2022/11/26 10:15 p.m. · 1 view

AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVSS 7.5 · AI score 7.2 · EPSS 0.01543
Exploits 2 · References 1

OSV
added 2022/11/26 10:15 p.m. · 2 views

AZL-44307 CVE-2022-24999 affecting package nodejs-nodemon 2.0.3-5

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVSS 7.5 · AI score 6.7 · EPSS 0.01543
Exploits 2 · References 1

RedHat Linux
added 2022/10/05 10:44 a.m. · 1 view

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

RedHat Linux
added 2022/08/08 7:43 p.m. · 0 views

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

RedHat Linux
added 2022/08/03 6:2 p.m. · 1 view

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

RedHat Linux
added 2022/08/03 6:1 p.m. · 1 view

minimist: prototype pollution

An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00789
Exploits 1 · References 5

OSV
added 2022/07/17 9:15 a.m. · 0 views

CVE-2020-7641

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 2

CNNVD
added 2022/07/17 12:0 a.m. · 1 view

grunt-util-property security vulnerability

grunt-util-property is a package by the individual developer mikaelkaron. A security vulnerability exists in grunt-util-property that stems from susceptibility to prototype pollution, where the function call may be tricked into adding or modifying properties of Object.prototype using the __proto__...

CVSS 7.8 · AI score 7.2 · EPSS 0.0005
Exploits 1 · References 3

OSV
added 2022/05/24 5:9 p.m. · 0 views

GHSA-G6R3-HHG9-QF58 component-flatten vulnerable to Prototype Pollution

All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 6.3 · AI score 5.9 · EPSS 0.00276
Exploits 0 · References 3

OSV
added 2021/12/10 8:5 p.m. · 0 views

GHSA-V3R2-3FP4-RP46 Prototype pollution in paypal-adaptive

paypal-adaptive through 0.4.2 allows manipulation of JavaScript objects, resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 4.2 · AI score 5.8 · EPSS 0.00318
Exploits 1 · References 4

ATTACKERKB
added 2021/08/08 7:26 a.m. · 2 views

CVE-2021-23419

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...

CVSS 9.8 · AI score 5.3 · EPSS 0.00432
Exploits 1 · References 3

Positive Technologies
added 2021/08/08 12:0 a.m. · 4 views

PT-2021-15507 · Unknown · Open-Graph

Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6. Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. This could potentially lead to unintended...

CVSS 9.8 · AI score 9.4 · EPSS 0.00432
Exploits 1 · References 8

RedHat Linux
added 2021/02/16 2:25 p.m. · 0 views

nodejs-yargs-parser: prototype pollution vulnerability

A vulnerability was found in nodejs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 5.3 · AI score 7.2 · EPSS 0.00126
Exploits 1 · References 4

RedHat Linux
added 2021/02/15 6:28 p.m. · 0 views

nodejs-yargs-parser: prototype pollution vulnerability

A vulnerability was found in nodejs-yargs-parser, where it can be tricked into adding or modifying properties of the Object.prototype using a "__proto__" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

CVSS 5.3 · AI score 7.2 · EPSS 0.00126
Exploits 1 · References 4

Veracode
added 2020/08/19 3:55 a.m. · 16 views

Prototype Pollution

property-expr is vulnerable to prototype pollution. An attacker is able to add and modify properties of Object.prototype using a __proto__ payload...

CVSS 9.8 · AI score 3.2 · EPSS 0.02086
Exploits 1 · References 4 · Affected Software 1