Description
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-0900 | querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. |
Github GHSA |
GHSA-2cf2-2383-h4jv | Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen |
References
History
No history.
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2024-08-04T09:33:19.998Z
Reserved: 2020-01-21T00:00:00.000Z
Link: CVE-2020-7600
No data.
Status : Modified
Published: 2020-03-12T23:15:12.453
Modified: 2026-06-17T03:25:05.953
Link: CVE-2020-7600
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
EUVD
Github GHSA