16 matches found
EUVD-2021-1122
Malware in sbrugna...
Upgraded Q -> 2 from #523 [1677626174331]
Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...
Add a time lock to VoterProxy.sol setter function
Lines of code Vulnerability details Impact More trust for user functions that are set key/critical variables should be behind a timelock. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a...
Prototype Pollution in safe-object2
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function...
GHSA-JPQ3-XF27-5JF2 Prototype Pollution in safe-object2
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function...
Prototype Pollution in property-expr
Overview property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function. Recommendation Upgrade to version 2.0.3 or later References - CVE - GitHub Advisory...
Prototype Pollution in property-expr
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
GHSA-6FW4-HR69-G3RV Prototype Pollution in property-expr
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
Prototype Pollution in safe-object2
All versions of safe-object2 are vulnerable to prototype pollution. The setter function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...
CVE-2020-7726 Prototype Pollution
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function...
PT-2020-19747 · Unknown · Safe-Object2
Name of the Vulnerable Software and Affected Versions: safe-object2 (affected versions not specified) Description: The issue concerns Prototype Pollution via the setter function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
CVE-2020-7707
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
CVE-2020-7707
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
Design/Logic Flaw
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
CVE-2020-7707 Prototype Pollution
The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function...
Cross-site Scripting through global scope pollution — Mozilla
As you browse from site to site each new page should start with a clean slate. shutdown reports a technique that pollutes the global scope of a window in a way that persists from page to page. A malicious script could define a setter function for a variable known to be used by a popular site, and...