179 matches found
CVE-2020-7737 Prototype Pollution
All versions of package safetydance are vulnerable to Prototype Pollution via the set function...
CVE-2020-7736 Prototype Pollution
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...
PT-2020-19753 · Bmoor · Bmoor
Name of the Vulnerable Software and Affected Versions: bmoor versions prior to 0.8.12 Description: The issue concerns Prototype Pollution via the set function. Recommendations: For versions prior to 0.8.12, update to version 0.8.12 or later to resolve the issue...
PT-2020-19754 · Unknown · Safetydance
Name of the Vulnerable Software and Affected Versions: safetydance, all versions Description: The issue concerns Prototype Pollution via the set function. This affects all versions of the package, allowing for potential manipulation of object properties. Recommendations: For all versions, consider...
Prototype Pollution
keyd is vulnerable to prototype pollution. The vulnerability exists because it does not prevent the __proto__ property from being set when the set function is called...
Prototype Pollution
gedi is vulnerable to prototype pollution. The vulnerability exists because it does not restrict the __proto__ header from being set through the set function...
Prototype Pollution
deeps is vulnerable to prototype pollution. The vulnerability exists because it does not restrict the __proto__ header from being set through the set function...
CVE-2020-7724
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function...
CVE-2020-7716
All versions of package deeps are vulnerable to Prototype Pollution via the set function...
Design/Logic Flaw
All versions of package confucious are vulnerable to Prototype Pollution via the set function...
CVE-2020-7727
Affected software: the gedi package (JavaScript). Vulnerability: Prototype Pollution via the set function. Root cause: unsafe handling of object property paths in set, enabling pollution of Object.prototype under certain inputs. Impact (as stated in related advisories): potential for DoS or remot...
CVE-2020-7714 Prototype Pollution
All versions of package confucious are vulnerable to Prototype Pollution via the set function...
CVE-2020-7714
CVE-2020-7714 affects the npm package confucious via Prototype Pollution in the set function. Affected versions are reported as prior to 0.0.13 (PT-2020-19736), with Snyk listing up to 0.0.12; multiple sources reiterate vulnerability across versions. Root cause is unsafe merging / path-based assi...
CVE-2020-7716
CVE-2020-7716 affects the npm package deeps and is a prototype pollution vulnerability via the set function. Public sources describe affected versions as older than 1.4.6 (GHSA: all versions up to 1.4.5; PT-2020-19738 states prior to 1.4.6). Root cause: unsafe handling in object merging/set that ...
PT-2020-19738 · Deeps · Deeps
Name of the Vulnerable Software and Affected Versions: deeps versions prior to 1.4.6 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which could lead to various security issues. Recommendations: For versions...
PT-2020-19745 · Tiny-Conf · Tiny-Conf
Name of the Vulnerable Software and Affected Versions: tiny-conf versions up to and including 1.1.0 Description: The issue is related to Prototype Pollution via the set function...
PT-2020-19736 · Unknown · Confucious
Name of the Vulnerable Software and Affected Versions: confucious versions prior to 0.0.13 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For version...
PT-2020-19748 · Gedi · Gedi
Name of the Vulnerable Software and Affected Versions: gedi versions prior to 1.6.4 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For versions prior...