Prototype Pollution

@allpro/form-manager is vulnerable to Prototype Pollution. The vulnerability is due to inadequate validation and protection in the setDefaults, mergeBranch, and Object.setObjectValue methods, which allows attackers to manipulate Object.prototype and potentially escalate to Denial of Service, remo...

CVE-2024-36572

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue...

PT-2024-27072 · Unknown · Allpro Form-Manager

Name of the Vulnerable Software and Affected Versions: allpro form-manager version 0.7.4 Description: The issue allows attackers to run arbitrary code and cause other impacts. This is achieved via the functions setDefaults, mergeBranch, and Object.setObjectValue. Recommendations: For allpro...

CVE-2024-36572

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue...

FormManager 安全漏洞

FormManager is a collection of data manipulation tools for form data by Kevin Dalman, an individual developer. A security vulnerability exists in FormManager version 0.7.4. An attacker exploited the vulnerability to run arbitrary code via the functions setDefaults, mergeBranch, and...