

CVEMAP Search Results

CVE
Details
Description
2022-07-28
Waiting for details
CVE-2022-2564

 

 
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

 
2022-06-28
Waiting for details
CVE-2022-2246

 

 
Prototype Pollution in GitHub repository clever/underscore.deep prior to 0.5.3.

 
2022-04-12
Medium
CVE-2022-21803

Vendor: Nconf project
Software: Nconf
 

 
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, which is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.

 
2022-04-11
Medium
CVE-2022-1295

Vendor: Fullpage project
Software: Fullpage
 

 
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.

 
2022-04-06
Medium
CVE-2021-43138

Vendor: Async project
Software: Async
 

 
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

 
2022-03-22
Medium
CVE-2022-26260

Vendor: Simple-plist project
Software: Simple-plist
 

 
Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().

 
2022-03-17
Medium
CVE-2022-25354

Vendor: Set-in project
Software: Set-in
 

 
The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049).

 
Medium
CVE-2022-25352

Vendor: Libnested project
Software: Libnested
 

 
The package libnested before 1.5.2 is vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930).

 
Medium
CVE-2022-25296

Vendor: Bodymen project
Software: Bodymen
 

 
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897).

 
Medium
CVE-2021-44908

Vendor: Sailsjs
Software: Sails
 

 
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().

 

 


Copyright 2022, cxsecurity.com

 
