12 matches found
Prototype Pollution
web3-core-subscriptions is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of user-supplied input in the attachToObject function, which allows an attacker to inject properties into Object.prototype...
EUVD-2025-31064
Malicious code in bioql PyPI...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
GHSA-HHF6-3XPG-PGGX web3-core-subscriptions has a Prototype Pollution vulnerability
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +6603 more potentially affected by CVE-2025-57330 via web3-core-subscriptions (>=1.0.0-beta.27 <=2.0.0-alpha)
web3-core-subscriptions NPM version =1.0.0-beta.27, =1.0.0, =0.0.3, =0.0.3, =0.0.31, =1.1.0, =0.9.9, =0.1.0, =0.1.1 - 55tools-block =1.0.0 - 55tools-block-ext =1.0.0 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2025-57330 Source advisory: OSV:GHSA-HHF6-3XPG-PGGX...
web3-core-subscriptions has a Prototype Pollution vulnerability
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
PT-2025-39329
Name of the Vulnerable Software and Affected Versions web3-core-subscriptions versions 1.10.4 and earlier Description The web3-core-subscriptions package, designed for managing web3 subscriptions, contains a flaw in the attachToObject function. This issue allows for Prototype Pollution by enablin...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...
CVE-2025-57330
The CVE-2025-57330 entry describes a Prototype Pollution in web3-core-subscriptions (attachToObject) affecting version 1.10.4 and earlier. The vulnerability allows an attacker to inject properties into Object.prototype via a crafted payload, with the documented minimum impact being Denial of Serv...
CVE-2025-57330
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causi...