Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9057 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-12-02 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection. | |||||
CVE-2021-23433 | 1 Algolia | 1 Algoliasearch-helper | 2021-11-23 | 6.8 MEDIUM | 9.8 CRITICAL |
The package algoliasearch-helper before 3.6.2 is vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js SearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns. | |||||
CVE-2021-23449 | 1 Vm2 Project | 1 Vm2 | 2021-11-04 | 7.5 HIGH | 10.0 CRITICAL |
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | |||||
CVE-2021-25949 | 1 Set-getter Project | 1 Set-getter | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25948 | 1 Expand-hash Project | 1 Expand-hash | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23421 | 1 Merge-change Project | 1 Merge-change | 2021-08-19 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function. | |||||
CVE-2021-23417 | 1 Deepmergefn Project | 1 Deepmergefn | 2021-08-05 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function. | |||||
CVE-2021-25952 | 1 Just-safe-set Project | 1 Just-safe-set | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23402 | 1 Record-like-deep-assign Project | 1 Record-like-deep-assign | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. | |||||
CVE-2021-23403 | 1 Ts-nodash Project | 1 Ts-nodash | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of input validation. | |||||
CVE-2021-25945 | 1 Js-extend Project | 1 Js-extend | 2021-06-03 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2020-7743 | 1 Mathjs | 1 Mathjs | 2020-10-29 | 7.5 HIGH | 7.3 HIGH |
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | |||||
CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2020-04-07 | 7.5 HIGH | 9.8 CRITICAL |
ini-parser through 0.0.2 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. |