Total
377 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-11-21 | 5.3 Medium |
| paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7641 | 1 Grunt-util-property Project | 1 Grunt-util-property | 2024-11-21 | 4 Medium |
| This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2024-11-21 | 5.3 Medium |
| eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2024-11-21 | 5.3 Medium |
| confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2024-11-21 | 5.3 Medium |
| class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7618 | 1 Sds Project | 1 Sds | 2024-11-21 | 5.3 Medium |
| sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | ||||
| CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-11-21 | 4.4 Medium |
| ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | ||||
| CVE-2020-7616 | 1 Express-mock-middleware Project | 1 Express-mock-middleware | 2024-11-21 | 5.3 Medium |
| express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. | ||||
| CVE-2020-7608 | 2 Redhat, Yargs | 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more | 2024-11-21 | 5.3 Medium |
| yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | ||||
| CVE-2020-7600 | 1 Querymen Project | 1 Querymen | 2024-11-21 | 5.3 Medium |
| querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. | ||||
| CVE-2020-7598 | 3 Opensuse, Redhat, Substack | 9 Leap, Enterprise Linux, Openshift and 6 more | 2024-11-21 | 5.6 Medium |
| minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | ||||
| CVE-2020-5258 | 3 Debian, Linuxfoundation, Oracle | 10 Debian Linux, Dojo, Communications Application Session Controller and 7 more | 2024-11-21 | 7.7 High |
| In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 | ||||
| CVE-2020-36632 | 1 Flat Project | 1 Flat | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 is able to address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability. | ||||
| CVE-2020-36604 | 1 Hapijs | 1 Hoek | 2024-11-21 | 8.1 High |
| hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. | ||||
| CVE-2020-28471 | 1 Properties-reader Project | 1 Properties-reader | 2024-11-21 | 7.3 High |
| This affects the package properties-reader before 2.2.0. | ||||
| CVE-2020-28462 | 1 Ion-parser Project | 1 Ion-parser | 2024-11-21 | 7.3 High |
| This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28461 | 1 Js-ini Project | 1 Js-ini | 2024-11-21 | 7.3 High |
| This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-28460 | 1 Multi-ini Project | 1 Multi-ini | 2024-11-21 | 5.6 Medium |
| This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448. | ||||
| CVE-2020-28458 | 2 Datatables, Redhat | 3 Datatables.net, Rhev Hypervisor, Rhev Manager | 2024-11-21 | 7.3 High |
| All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | ||||
| CVE-2020-28448 | 1 Multi-ini Project | 1 Multi-ini | 2024-11-21 | 5.6 Medium |
| This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array. | ||||