179 matches found
CVE-2023-26132
Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set function and the current variable in the /dottie.js file...
CVE-2023-26132
CVE-2023-26132 affects the Node.js package dottie. Affected component: dottie.js (set() function) within the dottie package. Vulnerable versions: all before 2.0.4. Root cause: Prototype Pollution due to insufficient input validation in set(), enabling property injection via the current variable. ...
CVE-2023-26132
Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set function and the current variable in the /dottie.js file...
PT-2023-20511
Name of the Vulnerable Software and Affected Versions dottie versions prior to 2.0.4 Description The issue is related to Prototype Pollution due to insufficient checks. It can be exploited via the set function and the current variable in the /dottie.js file. Recommendations For versions prior to...
CVE-2023-2987
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wapdxopconfigset' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the...
PT-2023-22361 · H3C · H3C Gr-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W version MiniGRW1A0V100R006 Description: A stack overflow issue was discovered via the function version set. Recommendations: For H3C GR-1200W version MiniGRW1A0V100R006, as a temporary workaround, consider disabling the version s...
H3C GR-1200W 缓冲区错误漏洞
The H3C GR-1200W is a Gigabit Enterprise Wireless Router from China's Xinhua San H3C. A security vulnerability exists in the H3C GR-1200W MiniGRW1A0V100R006 version, which stems from the discovery of a contained stack overflow vulnerability via the function versionset...
CVE-2023-26976
Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the ssid parameter in the formfastsettingwifiset function...
dot-lens vulnerable to Prototype Pollution
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...
GHSA-RMHG-2CVV-Q7VX dot-lens vulnerable to Prototype Pollution
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...
CVE-2023-26106
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...
CVE-2023-26106
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...
CVE-2023-26106
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...
dot-lens 安全漏洞
dot-lens is a JavaScript library. A security vulnerability exists in dot-lens that stems from prototype contamination of the set function in the index.js file...
PT-2023-20493 · Dot-Lens · Dot-Lens
Name of the Vulnerable Software and Affected Versions: dot-lens versions all Description: The issue concerns Prototype Pollution via the set function in the index.js file. This affects all versions of the dot-lens package. There is no information provided about the estimated number of potentially...
Prototype Pollution
Overview dottie is a Fast and safe nested object access and manipulation in JavaScript Affected versions of this package are vulnerable to Prototype Pollution due to insufficient checks, via the set function and the current variable in the /dottie.js file. PoC javascript var dottie =...
SUSE CVE-2021-45931
HarfBuzz 2.9.0 has an out-of-bounds write in hbbitsetinvertiblet::set called from hbsparsesett::set and hbsetcopy...
Prototype Pollution
convict is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the set function in main.js and modify attributes such as proto, constructor, and other prototype base objects...
Prototype Pollution
Overview dot-lens is a Simple, compiled dot lenses Affected versions of this package are vulnerable to Prototype Pollution via the set function in index.js file. PoC var dot = require"dot-lens" console.log"before:"+.test dot.set"proto.test","123" console.log"after:"+.test Details Prototype...
CVE-2022-4742 json-pointer index.js set prototype pollution
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...