5 matches found
CVE-2026-27212
CVE-2026-27212 affects the npm package swiper (versions 6.5.1 through 12.1.1). The vulnerability is a prototype pollution in shared/utils.mjs where indexOf() checks input against forbidden strings; crafted input can pollute Object.prototype via Array.prototype, despite a prior mitigation. This ca...
CVE-2021-23370
CVE-2021-23370 affects the npm package swiper prior to 6.5.1. The root cause is prototype pollution in swiper’s code, with the impact described as vulnerable to prototype pollution. Remediation: upgrade to swiper 6.5.1 or later.
CVE-2024-39853
The CVE-2024-39853 entry concerns the ratio-swiper library by adolph_dudu, version 0.0.2. The root cause is a prototype pollution vulnerability in the parse function, which could enable an attacker to inject arbitrary properties into objects and potentially alter behavior of objects inheriting fr...
CVE-2024-38997
CVE-2024-38997 affects the adolph_dudu ratio-swiper package (v0.0.2). The issue is a prototype pollution vulnerability in the extendDefaults function, enabling attackers to inject arbitrary properties and potentially execute arbitrary code or trigger a Denial of Service (DoS). Public details cove...
CVE-2024-39000
Prototype pollution in adolph_dudu ratio-swiper v0.0.2 is caused by the parse function, enabling attackers to inject arbitrary properties that can lead to arbitrary code execution or DoS. Multiple sources (NVD, Red Hat, CNNVD, CVE/CVE-List, PT-Guard) confirm the issue and affected component. The ...