| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. |
| All versions of package gedi are vulnerable to Prototype Pollution via the set function. |
| All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. |
| All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. |
| All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. |
| All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. |
| All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. |
| All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. |
| The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. |
| Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. |
| All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. |
| All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. |
| All versions of package deeps are vulnerable to Prototype Pollution via the set function. |
| All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. |
| All versions of package confucious are vulnerable to Prototype Pollution via the set function. |
| All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. |
| This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. |
| This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |
| This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. |
| The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. |