23 matches found
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
EUVD-2022-6101
Malicious code in bioql PyPI...
Prototype Pollution
querymen is vulnerable to prototype pollution. Input parameters in handler function are not subject to any sanitization, which allows remote attackers to inject malicious payloads leading to prototype pollution...
GHSA-P23C-P8W2-WW5V Prototype Pollution in querymen
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
Prototype Pollution in querymen
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
@mohamed.abdelall/omni-backend (>=1.0.0 <=1.1.53), generator-rest (=0.2.0) +7 more potentially affected by CVE-2022-25871 via querymen (=2.1.4)
querymen NPM version =2.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on querymen and may be impacted: - @mohamed.abdelall/omni-backend =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =1.0.14, =1.0.6, =1.4.10 - vulnogram =0.1.0-rc1 Source cves: CVE-2022-258...
CVE-2022-25871
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
CVE-2022-25871
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
CVE-2022-25871 Prototype Pollution
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
CVE-2022-25871
Summary (CVE-2022-25871): Affects the Node.js middleware querymen. It allows Prototype Pollution through the parameters of the exported function handler(type, name, fn) when user-controlled input is not sanitized; this stems from an incomplete fix of CVE-2020-7600. The CVE entry notes the vulne...
CVE-2022-25871
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600...
querymen security vulnerability
querymen is an individual developer's query string parser middleware for MongoDB, Express, and Nodejs. A security vulnerability exists in querymen that stems from the middleware's susceptibility to prototype contamination...
@mohamed.abdelall/omni-backend (>=1.0.0 <=1.1.53), generator-rest (=0.2.0) +7 more potentially affected by CVE-2020-7600 +1 more via querymen (=2.1.4)
querymen NPM version =2.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on querymen and may be impacted: - @mohamed.abdelall/omni-backend =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.1.0, =1.0.14, =1.0.6, =1.4.10 - vulnogram =0.1.0-rc1 Source cves: CVE-2020-760...
Prototype Pollution
Overview: querymen is a Querystring parser middleware for MongoDB, Express and Nodejs. Affected versions of this package are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability...
GHSA-2CF2-2383-H4JV Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
Code injection
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
CVE-2020-7600
The CVE-2020-7600 entry concerns the Node.js package querymen, where versions prior to 2.1.4 are vulnerable to Prototype Pollution. The vulnerability arises from the ability to control the parameters of the exported function handler(type, name, fn) without proper sanitization, enabling an attacke...