
13 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-2296

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00142
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 3:27 a.m. · 6 views

CVE-2023-26139

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”...

CVSS 7.5 · AI score 6.7 · EPSS 0.00142
Exploits: 0 · References: 1

Veracode
added 2023/08/02 9:25 a.m. · 16 views

Prototype Pollution

underscore-keypath is vulnerable to Prototype Pollution. The vulnerability exists via the name argument in the setProperty function at underscore-keypath.js which allows an attacker to inject and modify properties such as __proto__ in the obj parameter resulting in prototype pollution...

CVSS 7.5 · AI score 6.8 · EPSS 0.00142
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/08/01 6:30 a.m. · 0 views

GHSA-GPVC-MX6G-CCHV underscore-keypath vulnerable to Prototype Pollution

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like __proto__...

CVSS 7.5 · AI score 5.9 · EPSS 0.00142
Exploits: 0 · References: 4

vulnersOsv
added 2023/08/01 6:30 a.m. · 2 views

@ckies/cli (>=0.0.2 <=0.0.4), @crawless/utils (>=1.0.0 <=1.0.24) +82 more potentially affected by CVE-2023-26139 via underscore-keypath (>=0.0.15 <=0.9.3)

underscore-keypath NPM version =0.0.15, =0.0.2, =1.0.0, =0.1.1, =0.0.1, =1.0.1, =1.2.0, =1.0.2, =1.0.0, =1.457.521, =0.0.1, =0.0.1, =1.0.0 and more Source cves: CVE-2023-26139 Source advisory: OSV:GHSA-GPVC-MX6G-CCHV...

CVSS 7.5 · AI score 7.1 · EPSS 0.00142
Exploits: 0

Github Security Blog
added 2023/08/01 6:30 a.m. · 29 views

underscore-keypath vulnerable to Prototype Pollution

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like __proto__...

CVSS 7.5 · AI score 6.5 · EPSS 0.00142
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/08/01 5:15 a.m. · 10 views

CVE-2023-26139

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”...

CVSS 7.5 · AI score 7 · EPSS 0.00142
Exploits: 0 · References: 2

Vulnrichment
added 2023/08/01 5:00 a.m. · 11 views

CVE-2023-26139

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”...

CVSS 7.5 · AI score 6.7 · EPSS 0.00142
Exploits: 0 · References: 2

CVE
added 2023/08/01 5:00 a.m. · 40 views

CVE-2023-26139

underscore-keypath packages of version 0.0.11 and later are affected by a Prototype Pollution vulnerability in the setProperty() function via the name argument. Improper input sanitization allows strings such as __proto__ to contaminate object prototypes, with the impact described as potential global...

CVSS 7.5 · AI score 7.5 · EPSS 0.00142
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/08/01 12:00 a.m. · 1 view

underscore-keypath Security Vulnerabilities

underscore-keypath is a JavaScript library for handling keypath operations on objects. A keypath operation is the reading, setting, and manipulation of nested properties or property paths on an object specified by a string. underscore-keypath library provides a set of simple and flexible methods...

CVSS 7.5 · AI score 6.7 · EPSS 0.00142
Exploits: 0 · References: 3

Positive Technologies
added 2023/08/01 12:00 a.m. · 1 view

PT-2023-20517 · Unknown · Underscore-Keypath

Name of the Vulnerable Software and Affected Versions: underscore-keypath versions 0.0.11 and later
Description: The issue arises from improper input sanitization in the setProperty function, allowing the usage of arguments like __proto__ and leading to Prototype Pollution. This can be exploited due ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00142
Exploits: 0 · References: 8

vulnersOsv
added 2023/04/10 11:56 a.m. · 0 views

@ckies/cli (>=0.0.2 <=0.0.4), @crawless/utils (>=1.0.0 <=1.0.24) +82 more potentially affected by CVE-2023-26139 via underscore-keypath (>=0.0.15 <=0.9.3)

underscore-keypath NPM version =0.0.15, =0.0.2, =1.0.0, =0.1.1, =0.0.1, =1.0.1, =1.2.0, =1.0.2, =1.0.0, =1.457.521, =0.0.1, =0.0.1, =1.0.0 and more Source cves: CVE-2023-26139 Source advisory: SNYK:JS-UNDERSCOREKEYPATH-5416714...

CVSS 7.5 · AI score 7.1 · EPSS 0.00142
Exploits: 0

Snyk
added 2023/04/10 11:56 a.m. · 2 views

Prototype Pollution

Overview: underscore-keypath is a mechanism extensions for underscore mixin. underscore-keypath let you access JavaScript objects and arrays with keypath easily. Affected versions of this package are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting th...

CVSS 7.5 · AI score 8 · EPSS 0.00142
Exploits: 0 · References: 2