CASL Ability contains a prototype pollution vulnerability
Overview A prototype pollution vulnerability present in CASL Ability versions 2.4.0 through 6.7.4 is triggered through the rulesToFields function in the extra module. The program’s library contains a method called setByPath that does not properly sanitize property names, allowing attackers to add...
EUVD-2021-2047
Malware in sbrugna...
CVE-2023-45827
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
Prototype Pollution
@clickbar/dot-diver is vulnerable to Prototype Pollution. The vulnerability is due to the getByPath and setByPath functions in index.ts not properly validating the type of the object being passed. This allows an attacker to potentially modify attributes like __proto__, constructor, and prototype by...
GHSA-9W5F-MW3P-PJ47 Prototype Pollution (PP) vulnerability in setByPath
Summary There is a Prototype Pollution (PP) vulnerability in dot-diver. It can lead to RCE. Details javascript //https://github.com/clickbar/dot-diver/tree/main/src/index.ts:277 // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access objectToSet[lastKey] = value In this code, there is ...
PT-2023-8584 · Dot-Diver · Dot-Diver
Name of the Vulnerable Software and Affected Versions: dot-diver versions prior to 1.0.2 Description: The issue is related to a Prototype Pollution vulnerability in the setByPath function, which can lead to remote code execution (RCE). This vulnerability allows an attacker to modify object...
GHSA-F3PP-32QC-36W4 Prototype Pollution in jointjs
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Prototype Pollution in jointjs
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
CVE-2021-23444
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Type confusion
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...
Prototype Pollution
Overview jointjs is a JavaScript diagramming library. It can be used to create either static diagrams or, and more importantly, fully interactive diagramming tools and application builders. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can...
Prototype Pollution
keyget is vulnerable to prototype pollution. The vulnerability exists as the function setByPath did not check for the type of object before assigning value to the property...