
188 matches found

BDU FSTEC
added 2021/06/09 12:0 a.m., 3 views

The vulnerability of the set function in the object-path library of the Aurora Application Software Center, related to uncontrolled changes to prototype attributes of objects, allows attackers to execute a “prototype pollution” attack.

The vulnerability of the set function in the object-path library of the Aurora application software is related to uncontrolled changes to the attributes of object prototypes. Exploiting this vulnerability could allow a malicious actor to carry out a “prototype pollution” attack...

CVSS: 9.8, AI score: 7.3, EPSS: 0.01528
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2021/06/09 12:0 a.m., 2 views

The vulnerability of the set function in the set-value library of the Afroara Application Software Center, related to uncontrolled changes in object prototypes’ attributes, allows attackers to execute a “prototype pollution” attack.

The vulnerability of the set function in the set-value library of the Afroa Application Software is related to uncontrolled changes to the attributes of object prototypes. Exploiting this vulnerability could allow a malicious actor to carry out a “prototype pollution” attack...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02475
Exploits: 1, References: 4, Affected Software: 1

CNNVD
added 2021/06/02 12:0 a.m., 9 views

FFmpeg security vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg due to a memory leak in the av dictionary set function in dict.c. An attacker could use this vulnerability to conduct a denial-of-service attack. The vulnerability can ...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0131
Exploits: 1, References: 8

CNNVD
added 2021/06/02 12:0 a.m., 5 views

FFmpeg security vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg due to a memory leak in the av dictionary set function in dict.c. An attacker could use this vulnerability to conduct a denial-of-service attack. The vulnerability can ...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00893
Exploits: 1, References: 1

OSV
added 2021/05/10 6:37 p.m., 16 views

GHSA-H3RX-G5C9-8Q4X Prototype Pollution in bmoor

The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...

CVSS: 7.3, AI score: 9.3, EPSS: 0.01451
Exploits: 1, References: 5

GitHub Security Blog
added 2021/05/10 6:37 p.m., 45 views

Prototype Pollution in bmoor

The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 8.9, EPSS: 0.01451
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2021/05/10 3:59 p.m., 0 views

GHSA-4Q97-FH3F-J294 Prototype Pollution in tiny-conf

All versions of package tiny-conf up to and including version 1.1.0 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01916
Exploits: 1, References: 3

GitHub Security Blog
added 2021/05/10 3:59 p.m., 39 views

Prototype Pollution in tiny-conf

All versions of package tiny-conf up to and including version 1.1.0 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 9, EPSS: 0.01916
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2021/05/06 6:12 p.m., 1 view

GHSA-JH2M-J8PP-55RC Prototype Pollution in gedi

All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01916
Exploits: 1, References: 2

GitHub Security Blog
added 2021/05/06 6:12 p.m., 46 views

Prototype Pollution in gedi

All versions of package gedi up to and including version 1.6.3 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 9, EPSS: 0.01916
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/05/06 6:12 p.m., 15 views

GHSA-FMRR-MX6J-H3H5 Prototype Pollution in confucious

All versions of package confucious up to and including version 0.0.12 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 9.5, EPSS: 0.01916
Exploits: 1, References: 2

OSV
added 2021/05/06 6:11 p.m., 7 views

GHSA-RGFV-V3JH-7FFP Prototype Pollution in deeps

All versions of package deeps up to and including version 1.4.5 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01916
Exploits: 1, References: 2

GitHub Security Blog
added 2021/05/06 6:11 p.m., 45 views

Prototype Pollution in deeps

All versions of package deeps up to and including version 1.4.5 are vulnerable to Prototype Pollution via the set function...

CVSS: 9.8, AI score: 9, EPSS: 0.01916
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2021/05/06 5:29 p.m., 16 views

GHSA-J7CG-H9V9-6VQP Prototype Pollution in irrelon-path and @irrelon/path

The packages irrelon-path before 4.7.0 and @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02821
Exploits: 1, References: 5

GitHub Security Blog
added 2021/05/06 5:29 p.m., 53 views

Prototype Pollution in irrelon-path and @irrelon/path

The packages irrelon-path before 4.7.0 and @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...

CVSS: 9.8, AI score: 8.9, EPSS: 0.02821
Exploits: 1, References: 5, Affected Software: 2

OSV
added 2021/04/13 3:20 p.m., 15 views

GHSA-VP77-FQQP-79J8 Prototype Pollution in decal

This affects all versions of package decal. The vulnerability is in the set function...

CVSS: 8.6, AI score: 8.6, EPSS: 0.0176
Exploits: 1, References: 4

GitHub Security Blog
added 2021/04/13 3:20 p.m., 36 views

Prototype Pollution in decal

This affects all versions of package decal. The vulnerability is in the set function...

CVSS: 8.6, AI score: 8.3, EPSS: 0.0176
Exploits: 1, References: 5, Affected Software: 1

Snyk
added 2021/03/24 6:16 p.m., 4 views

Arbitrary Code Execution

Overview: total.js is a framework for the Node.js platform written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. It can be used as a web, desktop, service or IoT application. Affected versions of this package are vulnerable to Arbitrary Code Execution via the U.set and...

CVSS: 9.8, AI score: 7.2, EPSS: 0.03603
Exploits: 2, References: 2

Veracode
added 2021/03/05 12:45 a.m., 17 views

Remote Code Execution

total.js is vulnerable to remote code execution. The vulnerability exists in set of utils.js, which does not validate a malicious parameter that is injected and executed by a malicious user...

CVSS: 9.8, AI score: 3, EPSS: 0.04787
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2021/02/05 8:43 p.m., 13 views

GHSA-6CF8-QHQJ-VJQM Prototype pollution in total.js

There is a prototype pollution vulnerability in the package total.js before version 3.4.7. The set function can be used to set a value into the object according to the path. However, the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impa...

CVSS: 7.3, AI score: 7.5, EPSS: 0.03634
Exploits: 1, References: 7