5 matches found
EUVD-2021-0515
Malware in sbrugna...
Prototype Pollution
Overview Affected versions of jointjs are vulnerable to Prototype Pollution via util.setByPath. The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution. Recommendation Update to fixed version 3.3.0 or later References - GitHub Adviso...
Prototype pollution in JointJS
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath. The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
CVE-2020-28480 Prototype Pollution
The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath. The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution...
CVE-2020-28480
JointJS prior to 3.4.2 is affected by a Prototype Pollution in setByPath, allowing attacker-controlled path keys to pollute Object.prototype. The issue arises when the path parameter is provided as an array (or nested arrays) and assigns values on prototypes, enabling potential DoS, information d...