Total
382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7702 | 1 Templ8 Project | 1 Templ8 | 2024-11-21 | 9.8 Critical |
| All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. | ||||
| CVE-2020-7701 | 1 Springtree | 1 Madlib-object-utils | 2024-11-21 | 9.8 Critical |
| madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. | ||||
| CVE-2020-7700 | 1 Php.js Project | 1 Php.js | 2024-11-21 | 9.8 Critical |
| All versions of phpjs are vulnerable to Prototype Pollution via parse_str. | ||||
| CVE-2020-7699 | 2 Express-fileupload Project, Netapp | 2 Express-fileupload, Max Data | 2024-11-21 | 7.5 High |
| This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. | ||||
| CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-11-21 | 7.3 High |
| In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | ||||
| CVE-2020-7644 | 1 Fun-map Project | 1 Fun-map | 2024-11-21 | 8.1 High |
| fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-11-21 | 5.3 Medium |
| paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7641 | 1 Grunt-util-property Project | 1 Grunt-util-property | 2024-11-21 | 4 Medium |
| This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2024-11-21 | 5.3 Medium |
| eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2024-11-21 | 5.3 Medium |
| confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | ||||
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2024-11-21 | 5.3 Medium |
| class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | ||||
| CVE-2020-7618 | 1 Sds Project | 1 Sds | 2024-11-21 | 5.3 Medium |
| sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | ||||
| CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-11-21 | 4.4 Medium |
| ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | ||||
| CVE-2020-7616 | 1 Express-mock-middleware Project | 1 Express-mock-middleware | 2024-11-21 | 5.3 Medium |
| express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. | ||||
| CVE-2020-7608 | 2 Redhat, Yargs | 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more | 2024-11-21 | 5.3 Medium |
| yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | ||||
| CVE-2020-7600 | 1 Querymen Project | 1 Querymen | 2024-11-21 | 5.3 Medium |
| querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. | ||||
| CVE-2020-7598 | 3 Opensuse, Redhat, Substack | 9 Leap, Enterprise Linux, Openshift and 6 more | 2024-11-21 | 5.6 Medium |
| minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | ||||
| CVE-2020-5258 | 3 Debian, Linuxfoundation, Oracle | 10 Debian Linux, Dojo, Communications Application Session Controller and 7 more | 2024-11-21 | 7.7 High |
| In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 | ||||
| CVE-2020-36632 | 1 Flat Project | 1 Flat | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 is able to address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability. | ||||
| CVE-2020-28471 | 1 Properties-reader Project | 1 Properties-reader | 2024-11-21 | 7.3 High |
| This affects the package properties-reader before 2.2.0. | ||||