Total
391 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27307 | 2024-11-21 | 9.8 Critical | ||
| JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually. | ||||
| CVE-2024-22443 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-11-21 | 7.2 High |
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-21512 | 2024-11-21 | 8.2 High | ||
| Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. | ||||
| CVE-2024-21505 | 2024-11-21 | 7.5 High | ||
| Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions. | ||||
| CVE-2023-6293 | 1 Sequelizejs | 1 Sequelize-typescript | 2024-11-21 | 7.1 High |
| Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. | ||||
| CVE-2023-45827 | 1 Clickbar | 1 Dot-diver | 2024-11-21 | 7.3 High |
| Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability. | ||||
| CVE-2023-45282 | 1 Nasa | 1 Openmct | 2024-11-21 | 7.5 High |
| In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. | ||||
| CVE-2023-3696 | 1 Mongoosejs | 1 Mongoose | 2024-11-21 | 9.8 Critical |
| Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. | ||||
| CVE-2023-38894 | 1 Tree Kit Project | 1 Tree Kit | 2024-11-21 | 9.8 Critical |
| A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. | ||||
| CVE-2023-36665 | 1 Protobufjs Project | 1 Protobufjs | 2024-11-21 | 9.8 Critical |
| "protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. | ||||
| CVE-2023-26920 | 1 Naturalintelligence | 1 Fast Xml Parser | 2024-11-21 | 6.5 Medium |
| fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. | ||||
| CVE-2023-26158 | 1 Mockjs | 1 Mock.js | 2024-11-21 | 8.2 High |
| All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: js js if (["__proto__", "constructor", "prototype"].includes(name)) continue js // src/mock/handler.js Util.extend = function extend() { var target = arguments[0] || {}, i = 1, length = arguments.length, options, name, src, copy, clone if (length === 1) { target = this i = 0 } for (; i < length; i++) { options = arguments[i] if (!options) continue for (name in options) { if (["__proto__", "constructor", "prototype"].includes(name)) continue src = target[name] copy = options[name] if (target === copy) continue if (copy === undefined) continue if (Util.isArray(copy) || Util.isObject(copy)) { if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : [] if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {} target[name] = Util.extend(clone, copy) } else { target[name] = copy } } } return target } | ||||
| CVE-2023-26139 | 1 Underscore-keypath Project | 1 Underscore-keypath | 2024-11-21 | 7.5 High |
| Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”. | ||||
| CVE-2023-26135 | 1 Flatnest Project | 1 Flatnest | 2024-11-21 | 7.3 High |
| All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file. | ||||
| CVE-2023-1717 | 1 Bitrix24 | 1 Bitrix24 | 2024-11-21 | 9.6 Critical |
| Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`. | ||||
| CVE-2022-4742 | 2 Json-pointer Project, Redhat | 2 Json-pointer, Service Registry | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. Upgrading to version 0.6.2 is able to address this issue. The patch is identified as 859c9984b6c407fc2d5a0a7e47c7274daa681941. It is recommended to upgrade the affected component. VDB-216794 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-46175 | 3 Fedoraproject, Json5, Redhat | 9 Fedora, Json5, Logging and 6 more | 2024-11-21 | 7.1 High |
| JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. | ||||
| CVE-2022-37617 | 1 Browserify-shim Project | 1 Browserify-shim | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. | ||||
| CVE-2022-37616 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-11-21 | 9.8 Critical |
| A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted." | ||||
| CVE-2022-37609 | 1 Js-beautify Project | 1 Js-beautify | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. | ||||