Total: 443 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-7737 | 1 Safetydance Project | 1 Safetydance | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | All versions of package safetydance are vulnerable to Prototype Pollution via the set function. |
| CVE-2020-7736 | 1 Bmoor Project | 1 Bmoor | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function. |
| CVE-2020-7727 | 1 Gedi Project | 1 Gedi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package gedi are vulnerable to Prototype Pollution via the set function. |
| CVE-2020-7726 | 1 Safe-object2 Project | 1 Safe-object2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. |
| CVE-2020-7725 | 1 Guidesmiths | 1 Worksmith | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. |
| CVE-2020-7724 | 1 Tiny-conf Project | 1 Tiny-conf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. |
| CVE-2020-7723 | 1 Yola | 1 Promisehelpers | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. |
| CVE-2020-7722 | 1 Nodee-utils Project | 1 Nodee-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. |
| CVE-2020-7721 | 1 Node-oojs Project | 1 Node-oojs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. |
| CVE-2020-7720 | 1 Digitalbazaar | 1 Forge | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. |
| CVE-2020-7719 | 1 Locutus | 1 Locutus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. |
| CVE-2020-7718 | 1 Gammautils Project | 1 Gammautils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. |
| CVE-2020-7717 | 1 Dot-notes Project | 1 Dot-notes | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. |
| CVE-2020-7716 | 1 Invertase | 1 Deeps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package deeps are vulnerable to Prototype Pollution via the set function. |
| CVE-2020-7715 | 1 Deep-get-set Project | 1 Deep-get-set | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. |
| CVE-2020-7714 | 1 Realseriousgames | 1 Confucious | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package confucious are vulnerable to Prototype Pollution via the set function. |
| CVE-2020-7713 | 1 Arr-flatten-unflatten Project | 1 Arr-flatten-unflatten | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. |
| CVE-2020-7708 | 1 Irrelon | 2 @irrelon/path, Irrelon-path | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The packages irrelon-path before 4.7.0 and @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. |
| CVE-2020-7707 | 1 Property-expr Project | 1 Property-expr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The package property-expr before 2.0.3 is vulnerable to Prototype Pollution via the setter function. |
| CVE-2020-7706 | 1 Connie-lang Project | 1 Connie-lang | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The package connie-lang before 0.1.1 is vulnerable to Prototype Pollution in the configuration language library used by connie. |
| CVE-2020-7704 | 1 Linux-cmdline Project | 1 Linux-cmdline | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The package linux-cmdline before 1.0.1 is vulnerable to Prototype Pollution via the constructor. |
| CVE-2020-7703 | 1 Nis-utils Project | 1 Nis-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. |
| CVE-2020-7702 | 1 Templ8 Project | 1 Templ8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. |
| CVE-2020-7701 | 1 Springtree | 1 Madlib-object-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. |
| CVE-2020-7700 | 1 Php.js Project | 1 Php.js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | All versions of phpjs are vulnerable to Prototype Pollution via parse_str. |
| CVE-2020-7699 | 2 Express-fileupload Project, Netapp | 2 Express-fileupload, Max Data | 2024-11-21 | 7.5 HIGH | 7.5 HIGH | This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. |
| CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. |
| CVE-2020-7644 | 1 Fun-map Project | 1 Fun-map | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. |
| CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | paypal-adaptive through 0.4.2 allows manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. |
| CVE-2020-7641 | 1 Grunt-util-property Project | 1 Grunt-util-property | 2024-11-21 | N/A | 4.0 MEDIUM | This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. |
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. |
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | confinit through 0.3.0 is vulnerable to Prototype Pollution. The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. |
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | class-transformer before 0.3.1 allows attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. |
| CVE-2020-7618 | 1 Sds Project | 1 Sds | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. |
| CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-11-21 | 7.5 HIGH | 4.4 MEDIUM | ini-parser through 0.0.2 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. |
| CVE-2020-7616 | 1 Express-mock-middleware Project | 1 Express-mock-middleware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. |
| CVE-2020-7608 | 1 Yargs | 1 Yargs-parser | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM | yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. |
| CVE-2020-7600 | 1 Querymen Project | 1 Querymen | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. |
| CVE-2020-7598 | 2 Opensuse, Substack | 2 Leap, Minimist | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. |
| CVE-2020-5258 | 3 Debian, Linuxfoundation, Oracle | 10 Debian Linux, Dojo, Communications Application Session Controller and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH | In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2. |