15 matches found
EUVD-2022-4811
Malicious code in bioql PyPI...
CVE-2020-28278
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
shvl vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Details: The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set' did not check for the...
GHSA-PQWC-3VHW-QCVQ shvl vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. Details: The NPM module 'shvl' can be abused by Prototype Pollution vulnerability since the function 'set' did not check for the...
@averjs/core (>=1.0.22 <=2.0.0-3), @cojecom/vuex-persistedstate (=2.5.4) +11 more potentially affected by CVE-2020-28278 via shvl (=1.3.1)
shvl NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on shvl and may be impacted: - @averjs/core =1.0.22, =1.1.37, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =2.3.0, =1.1.1, =5.2.0 Source cves: CVE-2020-28278 Source advisory:...
Prototype Pollution in robinvdvleuten/shvl
✍️ Description: Hi, I've seen a recent prototype pollution report to this library and, during the code review, found out that the applied fix doesn't work at all. The problem lies in the regex used to fix, as I show below. 🕵️‍♂️ Proof of Concept: The reported prototype pollution resulted in the...
Prototype Pollution
Overview: shvl is a package to get and set dot-notated properties within an object. Affected versions of this package are vulnerable to Prototype Pollution due to an incomplete fix not protecting against the constructor.prototype vector. PoC (js): var shvl = require("shvl"); let obj = {}; console.log("Before: " +...
Prototype Pollution in robinvdvleuten/shvl
Description: shvl is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a __proto__ payload, which may result in Sensitive Information Disclosure/Denial of Service (DoS)/Remote Code Execution. Proof of...
Prototype Pollution
shvl is vulnerable to prototype pollution. The vulnerability exists through the lack of sanitization of __proto__ header values...
CVE-2020-28278
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28278
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28278
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28278
Summary (CVE-2020-28278): The npm module shvl (versions 1.0.0–2.0.1) is affected by a prototype-pollution vulnerability. The issue arises in the set() function where unvalidated paths (e.g., __proto__) can pollute Object.prototype, enabling Denial of Service and potentially Remote Code Execution. P...
Robinvdvleuten Shvl Security Vulnerability
Robinvdvleuten Shvl is a JavaScript-based codebase for assigning and obtaining operations on JS objects by the Dutch individual developer Robinvdvleuten. A security vulnerability exists in Robinvdvleuten Shvl versions 1.0.0 through 2.0.1 that can be exploited by an attacker to cause a denial of...