
76 matches found

Snyk
added 2026/06/15 11:16 p.m. | 5 views

Prototype Pollution

Overview: i18next-fs-backend is a backend layer for i18next, for use in Node.js and Deno, that loads translations from the filesystem. Affected versions of this package are vulnerable to Prototype Pollution via the getLastOfPath method. An attacker can modify global object...

CVSS 9.1 | AI score 6.5 | EPSS 0.00419
Exploits: 0 | References: 2
Snyk
added 2026/05/29 3:54 p.m. | 9 views

Prototype Pollution

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via polluted Object.prototype properties in the merge process. An attacker can inject arbitrary HTTP headers into outbound requests or cause synchrono...

CVSS 8.2 | AI score 6.5 | EPSS 0.00287
Exploits: 1 | References: 2
OSV
added 2026/05/18 4:56 p.m. | 6 views

CLSA-2026-1779123410 jq: Fix of 8 CVEs

- CVE-2026-40164: randomize hash seed to mitigate hash collision DoS
- CVE-2026-40612: limit containment check depth
- CVE-2026-41256: fix NUL truncation in program files loaded with -f
- CVE-2026-41257: fix signed-int overflow in stackreallocate
- CVE-2026-43894: cap numeric literal length to...

CVSS 7.5 | AI score 5.9 | EPSS 0.00227
Exploits: 7 | References: 1
Snyk
added 2026/04/04 6:17 a.m. | 1 views

Prototype Pollution

Overview: defu recursively assigns default properties ("Lightweight and Fast!"). Affected versions of this package are vulnerable to Prototype Pollution via the defu function. An attacker can override default configuration values by supplying crafted input containing a __proto__ key, which results in...

CVSS 8.7 | AI score 6.4 | EPSS 0.00398
Exploits: 0 | References: 2
Snyk
added 2026/03/31 11:2 p.m. | 2 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...

CVSS 7.9 | AI score 6.4 | EPSS 0.00317
Exploits: 0 | References: 2
Snyk
added 2026/03/29 3:44 p.m. | 2 views

Prototype Pollution

Overview: @mikro-orm/core is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the...

CVSS 9.1 | AI score 6.5 | EPSS 0.00377
Exploits: 0 | References: 2
Snyk
added 2026/02/19 8:29 p.m. | 2 views

Prototype Pollution

Overview: devalue is like JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the uneval method. An attacker can manipulate object prototypes by supplying...

CVSS 4.4 | AI score 6.6
Exploits: 0 | References: 2
Snyk
added 2026/02/10 4:58 p.m. | 4 views

Prototype Pollution

Overview: @casl/ability (CASL) is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access. Affected versions of this package are vulnerable to Prototype Pollution via rulesToFields, which handles object properties. An attacker can inject...

CVSS 9.8 | AI score 6.5 | EPSS 0.00624
Exploits: 0 | References: 2
Snyk
added 2026/01/21 11:1 p.m. | 3 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details: Prototype Pollution is a vulnerability affecting JavaScript...

CVSS 8.2 | AI score 6.7 | EPSS 0.00317
Exploits: 0 | References: 2
Snyk
added 2026/01/21 11:1 p.m. | 3 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details: Prototype Pollution is a vulnerability affecting JavaScript...

CVSS 8.2 | AI score 6.7 | EPSS 0.00317
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-0786

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00712
Exploits: 0 | References: 5
Snyk
added 2025/09/24 9:30 p.m. | 5 views

Prototype Pollution

Overview: csvjson converts CSV to JSON and JSON to CSV. Affected versions of this package are vulnerable to Prototype Pollution via the toCsv function. An attacker can cause a denial of service by injecting properties into Object.prototype through a crafted payload. Details: Prototype Pollution ...

CVSS 8.7 | AI score 8.1 | EPSS 0.00365
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 2 views

Prototype Pollution

Overview: org.webjars.npm:rollbar is described as: "Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly." Affected versions of this package are...

CVSS 7.5 | AI score 6.6 | EPSS 0.00365
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 2 views

Prototype Pollution

Overview: messageformat is an Intl.MessageFormat / Unicode MessageFormat 2 parser, runtime and polyfill. Affected versions of this package are vulnerable to Prototype Pollution via improper handling of message key paths containing special characters in the process when processing nested message key...

CVSS 7.5 | AI score 8.1 | EPSS 0.00372
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 3 views

Prototype Pollution

Overview: sassdoc-extras is SassDoc's Toolbelt. Affected versions of this package are vulnerable to Prototype Pollution via the byGroupAndType function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or...

CVSS 7.5 | AI score 8.2 | EPSS 0.00386
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 5 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially leading to application instability or service disruption. Details: Prototy...

CVSS 7.5 | AI score 6.7 | EPSS 0.00365
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 3 views

Prototype Pollution

Overview: rollbar is described as: "Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly." Affected versions of this package are vulnerable to Prototyp...

CVSS 7.5 | AI score 7.8 | EPSS 0.00365
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 4 views

Prototype Pollution

Overview: mpregular is a Affected versions of this package are vulnerable to Prototype Pollution via the mp.addEventHandler function. An attacker can cause application instability or crash by injecting malicious properties into Object.prototype through a specially crafted payload. Details: Prototyp...

CVSS 8.7 | AI score 8.1 | EPSS 0.00386
Exploits: 0 | References: 2
Snyk
added 2025/09/24 9:30 p.m. | 3 views

Prototype Pollution

Overview: Affected versions of this package are vulnerable to Prototype Pollution via the attachToObject function. An attacker can inject arbitrary properties into Object.prototype by supplying a crafted payload, potentially causing application instability or denial of service. Details: Prototype...

CVSS 7.5 | AI score 8.2 | EPSS 0.00365
Exploits: 0 | References: 2
Snyk
added 2025/05/25 3:53 p.m. | 4 views

Prototype Pollution

Overview: docarray is described as "The data structure for multimodal data". Affected versions of this package are vulnerable to Prototype Pollution due to a lack of sanitization of unauthorized internal object in the __getitem__ method. An attacker can manipulate object prototype attributes by sending a crafted...

CVSS 8.8 | AI score 8 | EPSS 0.00563
Exploits: 1 | References: 2