23 matches found
CVE-2020-7600
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks...
Prototype Pollution
Overview querymen is a Querystring parser middleware for MongoDB, Express and Nodejs. Affected versions of this package are vulnerable to Prototype Pollution. The parameters of exported function handlertype, name, fn can be controlled by users without any sanitization. This could be abused for...
PT-2020-19647 · Querymen · Querymen
Name of the Vulnerable Software and Affected Versions: querymen versions prior to 2.1.4 Description: The issue allows modification of object properties due to a lack of sanitization in the parameters of the exported function handlertype, name, fn, which can be controlled by users. This could be...