Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Nic nie znaleziono w bazie WLB2
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2022-04-12
Medium
CVE-2022-21803
Vendor:
Nconf project
Software:
Nconf
This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.
2022-04-11
Medium
CVE-2022-1295
Vendor:
Fullpage project
Software:
Fullpage
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.
2022-04-06
Medium
CVE-2021-43138
Vendor:
Async project
Software:
Async
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which could let a malicious user obtain privileges via the mapValues() method.
2022-03-22
Medium
CVE-2022-26260
Vendor:
Simple-plist project
Software:
Simple-plist
Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().
2022-03-17
Medium
CVE-2022-25354
Vendor:
Set-in project
Software:
Set-in
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)
Medium
CVE-2022-25352
Vendor:
Libnested project
Software:
Libnested
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)
Medium
CVE-2022-25296
Vendor:
Bodymen project
Software:
Bodymen
The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897)
Medium
CVE-2021-44908
Vendor:
Sailsjs
Software:
Sails
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().
Medium
CVE-2021-23771
Vendor:
Argencoders-notevil project
Software:
Argencoders-...
This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878).
Medium
CVE-2021-44906
Vendor:
Substack
Software:
Minimist
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Copyright
2022
, cxsecurity.com
Back to Top
Polish
English