CWE:
 

Topic
Date
Author
Med.
Proxmox VE 3 / 4 XSS / Privilege Escalation / Code Execution
27.02.2016
Nicolas CHATELAIN


CVEMAP Search Results

CVE
Details
Description
2021-11-19
Medium
CVE-2021-23433

Vendor: Algolia
Software: Algoliasearc...
 

 
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js (SearchParameters._parseNumbers) without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.

 
2021-11-13
Medium
CVE-2021-3918

Vendor: Json-schema project
Software: Json-schema
 

 
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

 
2021-10-20
Medium
CVE-2021-23452

Vendor: Binaryops
Software: X-assign
 

 
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.

 
2021-10-18
Medium
CVE-2021-23449

Vendor: Vm2 project
Software: VM2
 

 
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.

 
2021-09-06
Medium
CVE-2021-3766

Vendor: Objection project
Software: Objection
 

 
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

 
2021-09-02
Medium
CVE-2021-3757

Vendor: Immer project
Software: Immer
 

 
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

 
2021-08-11
Medium
CVE-2021-23421

Vendor: Merge-change project
Software: Merge-change
 

 
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.

 
2021-08-08
Medium
CVE-2021-23419

Vendor: Open-graph project
Software: Open-graph
 

 
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.

 
2021-07-28
Medium
CVE-2021-23417

Vendor: Deepmergefn project
Software: Deepmergefn
 

 
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.

 
2021-07-07
Medium
CVE-2021-25952

Vendor: Just-safe-set project
Software: Just-safe-set
 

 

 

 


Copyright 2022, cxsecurity.com

 
