| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| All versions of package deeps are vulnerable to Prototype Pollution via the set function. |
| All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. |
| All versions of package confucious are vulnerable to Prototype Pollution via the set function. |
| All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. |
| This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. |
| This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |
| This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. |
| The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. |
| The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. |
| The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. |
| This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. |
| The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. |
| All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. |
| All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. |
| madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. |
| All versions of phpjs are vulnerable to Prototype Pollution via parse_str. |
| This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. |
| This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized. |
| This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType); |
| This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers. |
