Total: 344 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-25296 | 1 Bodymen Project | 1 Bodymen | 2024-09-17 | 6.3 Medium |
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897) | ||||
CVE-2021-23561 | 1 C2fo | 1 Comb | 2024-09-17 | 6.5 Medium |
All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. | ||||
CVE-2022-24279 | 1 Springtree | 1 Madlib-object-utils | 2024-09-17 | 7.5 High |
The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676) | ||||
CVE-2021-23771 | 2 Argencoders-notevil Project, Notevil Project | 2 Argencoders-notevil, Notevil | 2024-09-17 | 6.5 Medium |
This affects all versions of package notevil and all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype Pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878). | ||||
CVE-2022-25871 | 1 Querymen Project | 1 Querymen | 2024-09-17 | 5.9 Medium |
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867). | ||||
CVE-2020-7768 | 1 Grpc | 1 Grpc | 2024-09-17 | 7.5 High |
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | ||||
CVE-2020-7726 | 1 Safe-object2 Project | 1 Safe-object2 | 2024-09-17 | 9.8 Critical |
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | ||||
CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-09-16 | 7.3 High |
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | ||||
CVE-2020-7717 | 1 Dot-notes Project | 1 Dot-notes | 2024-09-16 | 9.8 Critical |
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. | ||||
CVE-2020-7788 | 3 Debian, Ini Project, Redhat | 5 Debian Linux, Ini, Enterprise Linux and 2 more | 2024-09-16 | 7.3 High |
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
CVE-2020-7722 | 1 Nodee-utils Project | 1 Nodee-utils | 2024-09-16 | 9.8 Critical |
All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. | ||||
CVE-2021-23470 | 1 Putil-merge Project | 1 Putil-merge | 2024-09-16 | 8.2 High |
This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 | ||||
CVE-2020-28458 | 2 Datatables, Redhat | 3 Datatables.net, Rhev Hypervisor, Rhev Manager | 2024-09-16 | 7.3 High |
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | ||||
CVE-2020-28471 | 1 Properties-reader Project | 1 Properties-reader | 2024-09-16 | 7.3 High |
This affects the package properties-reader before 2.2.0. | ||||
CVE-2020-7724 | 1 Tiny-conf Project | 1 Tiny-conf | 2024-09-16 | 9.8 Critical |
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. | ||||
CVE-2020-7737 | 1 Safetydance Project | 1 Safetydance | 2024-09-16 | 7.3 High |
All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | ||||
CVE-2021-23452 | 1 Binaryops | 1 X-assign | 2024-09-16 | 8.6 High |
This affects all versions of package x-assign. The global proto object can be polluted using the `__proto__` object. | ||||
CVE-2021-23395 | 1 Nedb Project | 1 Nedb | 2024-09-16 | 7.3 High |
This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a `__proto__` or constructor.prototype payload. | ||||
CVE-2020-7725 | 1 Guidesmiths | 1 Worksmith | 2024-09-16 | 9.8 Critical |
All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. | ||||
CVE-2020-7703 | 1 Nis-utils Project | 1 Nis-utils | 2024-09-16 | 9.8 Critical |
All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. |