2 matches found
CVE-2020-28449
CVE-2020-28449 corresponds to a prototype pollution vulnerability in the JavaScript package decal, with the issue located in the set function. Affected software is decal (all versions), and exploitation involves injecting properties into Object.prototype (e.g., via proto or path-based definitions...
CVE-2020-28450
CVE-2020-28450 concerns the package decal and stems from the vulnerable extend function, enabling prototype pollution across all versions. Multiple connected advisories (GHSA-J32X-J8PJ-PG2H; OSV GHSA-J32X-J8PJ-PG2H; SNYK-JS-DECAL-1051028; Veracode) describe the risk of injecting properties into O...