13 matches found
EUVD-2021-0972
Malware in sbrugna...
CVE-2019-10806
A flaw was found in vega-util prototype which could allow a remote authenticated attacker to bypass security restrictions caused by improper access control. By sending a specially crafted request using the vega.mergeConfig method, an attacker could add or modify the properties of the...
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...
@antv/chart-linter (>=1.1.5 <=1.1.6), @dljsbook/data (>=0.3.2 <=0.6.1) +50 more potentially affected by CVE-2019-10806 via vega-util (>=1.10.0 <=1.12.2)
vega-util NPM version =1.10.0, =1.1.5, =0.3.2, =0.6.0, =0.0.4, =1.0.0, =0.8.0, =1.0.0-alpha.4, =0.0.0-placeholder, =0.2.4, =0.4.3-dev9, =1.0.0, =1.4.0, =5.0.0, =6.0.2-alpha.0 and more. Source CVEs: CVE-2019-10806. Source advisory: OSV:GHSA-6HWH-RQWF-CXXR...
GHSA-6HWH-RQWF-CXXR Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...
CVE-2019-10806
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...
CVE-2019-10806
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...
Design/Logic Flaw
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...
CVE-2019-10806
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype...
CVE-2019-10806
The CVE-2019-10806 issue affects vega-util prior to 1.13.1: the vega.mergeConfig method can be exploited to add or modify properties on Object.prototype (prototype pollution). This is caused by improper handling in mergeConfig, enabling an attacker to trigger changes to built-in Object properties...
PT-2020-9156 · Vega-Util · Vega-Util
Name of the Vulnerable Software and Affected Versions: vega-util versions prior to 1.13.1. Description: The issue allows manipulation of the object prototype. The vega.mergeConfig method within vega-util can be tricked into adding or modifying properties of the Object.prototype. Recommendations: F...
Prototype Pollution
Overview: vega-util is a JavaScript utilities package for Vega. Affected versions of this package are vulnerable to Prototype Pollution. The vega.mergeConfig method within vega-util could be tricked into adding or modifying properties of Object.prototype. PoC by Snyk: var util = require('vega-util')...
@antv/chart-linter (>=1.1.5 <=1.1.6), @dljsbook/data (>=0.3.2 <=0.6.1) +50 more potentially affected by CVE-2019-10806 via vega-util (>=1.10.0 <=1.12.2)
vega-util NPM version =1.10.0, =1.1.5, =0.3.2, =0.6.0, =0.0.4, =1.0.0, =0.8.0, =1.0.0-alpha.4, =0.0.0-placeholder, =0.2.4, =0.4.3-dev9, =1.0.0, =1.4.0, =5.0.0, =6.0.2-alpha.0 and more. Source CVEs: CVE-2019-10806. Source advisory: SNYK:JS-VEGAUTIL-559223...