4 matches found
Prototype Pollution
Overview: lodash-amd is Lodash exported as AMD modules. Affected versions of this package are vulnerable to Prototype Pollution via the _.unset and _.omit functions. An attacker can delete methods held in properties of global prototypes but cannot overwrite those properties. Details: Prototype...
extend2 Security Vulnerability
extend2 is a simple function for extending objects. Derived from node-extend, the difference is that deep cloning overwrites the array with the original array. extend2 suffers from a security vulnerability that stems from an unsafe recursive merge...
GHSA-P6XC-XR62-6R2G Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in...
Prototype Pollution
Overview: chart.js provides simple HTML5 charts using the canvas element. Affected versions of this package are vulnerable to Prototype Pollution. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options or the default options are deep...