Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7736

Summary
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At-02 Oct, 2020 | 09:25
Updated At-16 Sep, 2024 | 18:55
Rejected At-
Credits

Prototype Pollution

The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:snyk
Assigner Org ID:bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At:02 Oct, 2020 | 09:25
Updated At:16 Sep, 2024 | 18:55
Rejected At:
▼CVE Numbering Authority (CNA)
Prototype Pollution

The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function.

Affected Products
Vendor
n/a
Product
bmoor
Versions
Affected
  • From unspecified before 0.8.12 (custom)
Problem Types
TypeCWE IDDescription
textN/APrototype Pollution
Type: text
CWE ID: N/A
Description: Prototype Pollution
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
NerdJS
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-BMOOR-598664
x_refsource_MISC
https://github.com/b-heilman/bmoor/commit/7d4a086a1dc3ef11ed0b323824d02348734b7da5
x_refsource_MISC
Hyperlink: https://snyk.io/vuln/SNYK-JS-BMOOR-598664
Resource:
x_refsource_MISC
Hyperlink: https://github.com/b-heilman/bmoor/commit/7d4a086a1dc3ef11ed0b323824d02348734b7da5
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-BMOOR-598664
x_refsource_MISC
x_transferred
https://github.com/b-heilman/bmoor/commit/7d4a086a1dc3ef11ed0b323824d02348734b7da5
x_refsource_MISC
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JS-BMOOR-598664
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/b-heilman/bmoor/commit/7d4a086a1dc3ef11ed0b323824d02348734b7da5
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:report@snyk.io
Published At:02 Oct, 2020 | 10:15
Updated At:02 Dec, 2022 | 19:47

The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
bmoor_project
bmoor_project
>>bmoor>>Versions before 0.8.12(exclusive)
cpe:2.3:a:bmoor_project:bmoor:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1321Primarynvd@nist.gov
CWE ID: CWE-1321
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/b-heilman/bmoor/commit/7d4a086a1dc3ef11ed0b323824d02348734b7da5report@snyk.io
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-BMOOR-598664report@snyk.io
Exploit
Third Party Advisory
Hyperlink: https://github.com/b-heilman/bmoor/commit/7d4a086a1dc3ef11ed0b323824d02348734b7da5
Source: report@snyk.io
Resource:
Patch
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JS-BMOOR-598664
Source: report@snyk.io
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

200Records found
CVE-2022-4742
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.62%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 07:09
Updated-03 Aug, 2024 | 01:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
json-pointer index.js set prototype pollution

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. Upgrading to version 0.6.2 is able to address this issue. The patch is identified as 859c9984b6c407fc2d5a0a7e47c7274daa681941. It is recommended to upgrade the affected component. VDB-216794 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-json-pointer_projectn/a
Product-json-pointerjson-pointer
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2025-3197
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 23.49%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 05:00
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.

Action-Not Available
Vendor-n/a
Product-expand-object
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25949
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 73.93%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 12:00
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-set-getter_projectn/a
Product-set-getterset-getter
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25916
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 15:07
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-patchmerge_projectn/a
Product-patchmergepatchmerge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25947
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 84.88%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 19:51
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-nestie_projectn/a
Product-nestienestie
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25943
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 13:32
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-101_projectn/a
Product-101101
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25913
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 21:22
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-set-or-get_projectn/a
Product-set-or-getset-or-get
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23419
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.43% / 61.81%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 07:30
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.

Action-Not Available
Vendor-open-graph_projectn/a
Product-open-graphopen-graph
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23497
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-3.25% / 86.63%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 20:00
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821

Action-Not Available
Vendor-set_projectn/a
Product-set@strikeentco/set
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-41879
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.07% / 23.06%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server subject to Prototype pollution via Cloud Code Webhooks

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23702
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.6||HIGH
EPSS-0.38% / 58.68%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 20:00
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend.

Action-Not Available
Vendor-object-extend_projectn/a
Product-object-extendobject-extend
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-41878
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.09%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-25977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 00:00
Updated-25 Mar, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.

Action-Not Available
Vendor-canvgn/a
Product-canvgn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-38985
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 00:00
Updated-30 Apr, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Action-Not Available
Vendor-janrywangn/a
Product-depathn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-39357
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.13% / 33.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Winter vulnerable to Prototype Pollution in Snowboard framework

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.

Action-Not Available
Vendor-wintercmswintercms
Product-winterwinter
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25914
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-3.23% / 86.58%
||
7 Day CHG~0.00%
Published-01 Mar, 2021 | 17:20
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-fireblinkn/a
Product-object-colliderobject-collider
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25928
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.81%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 10:54
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-mantan/a
Product-safe-objsafe-obj
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25953
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 84.88%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 10:34
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-putil-merge_projectn/a
Product-putil-mergeputil-merge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-26707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 77.04%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 14:24
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.

Action-Not Available
Vendor-merge-deep_projectn/aNetApp, Inc.
Product-e-series_performance_analyzermerge-deepn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25941
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 13:43
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-deep-override_projectn/a
Product-deep-overridedeep-override
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25915
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 14:20
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-changeset_projectn/a
Product-changesetchangeset
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25952
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 11:47
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-just-safe-set_projectn/a
Product-just-safe-setjust-safe-set
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25944
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 84.88%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 18:26
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-deep-defaults_projectn/a
Product-deep-defaultsdeep-defaults
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25946
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 18:48
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-nconf-toml_projectn/a
Product-nconf-tomlnconf-toml
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25948
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.93%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 11:55
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-expand-hash_projectn/a
Product-expand-hashexpand-hash
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-39396
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-37.62% / 97.08%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2022-37598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 44.07%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.

Action-Not Available
Vendor-uglifyjs_projectn/a
Product-uglifyjsn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23760
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-2.43% / 84.52%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:31
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048)

Action-Not Available
Vendor-keyget_projectn/a
Product-keygetn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23450
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-2.41% / 84.48%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 20:05
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Linux FoundationOracle Corporation
Product-debian_linuxweblogic_serverprimavera_unifiercommunications_policy_managementdojodojo
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23396
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-0.39% / 59.29%
||
7 Day CHG~0.00%
Published-17 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.

Action-Not Available
Vendor-lutils_projectn/a
Product-lutilslutils
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23403
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.53% / 66.28%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 16:10
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.

Action-Not Available
Vendor-ts-nodash_projectn/a
Product-ts-nodashts-nodash
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23561
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.00%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 20:05
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.

Action-Not Available
Vendor-c2fon/a
Product-combcomb
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23574
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-1.27% / 78.69%
||
7 Day CHG~0.00%
Published-24 Dec, 2021 | 20:00
Updated-16 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).

Action-Not Available
Vendor-js-datan/a
Product-js-datajs-data
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23433
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.9||MEDIUM
EPSS-0.37% / 57.89%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 19:25
Updated-16 Sep, 2024 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.

Action-Not Available
Vendor-algolian/a
Product-algoliasearch-helperalgoliasearch-helper
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23700
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.00%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 20:05
Updated-16 Sep, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.

Action-Not Available
Vendor-merge-deep2_projectn/a
Product-merge-deep2merge-deep2
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23395
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.22% / 45.03%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 19:12
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload.

Action-Not Available
Vendor-nedb_projectn/a
Product-nedbnedb
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23452
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.6||HIGH
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 12:15
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.

Action-Not Available
Vendor-binaryopsn/a
Product-x-assignx-assign
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23470
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.2||HIGH
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 20:05
Updated-16 Sep, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077

Action-Not Available
Vendor-putil-merge_projectn/a
Product-putil-mergeputil-merge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23568
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.50% / 65.02%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 20:05
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.

Action-Not Available
Vendor-eggjsn/a
Product-extend2extend2
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23449
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.55%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 16:40
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox Bypass

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.

Action-Not Available
Vendor-vm2_projectn/a
Product-vm2vm2
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23663
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.00%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 20:05
Updated-16 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.

Action-Not Available
Vendor-sey_projectn/a
Product-seysey
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23397
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-0.37% / 58.05%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:07
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.

Action-Not Available
Vendor-merge_projectn/a
Product-merge@ianwalter/merge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23417
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-0.53% / 66.28%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 16:05
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.

Action-Not Available
Vendor-deepmergefn_projectn/a
Product-deepmergefndeepmergefn
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23518
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.21%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:05
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

Action-Not Available
Vendor-cached-path-relative_projectn/aDebian GNU/Linux
Product-cached-path-relativedebian_linuxcached-path-relative
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23543
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 20:05
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox Bypass

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

Action-Not Available
Vendor-agoricn/a
Product-realms-shimrealms-shim
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23442
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.6||HIGH
EPSS-0.50% / 64.91%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 09:45
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.

Action-Not Available
Vendor-cookiex-deep_projectn/a
Product-cookiex-deep@cookiex/deep
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23373
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.14%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 14:10
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality.

Action-Not Available
Vendor-set-deep-prop_projectn/a
Product-set-deep-propset-deep-prop
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23402
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.53% / 66.28%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 16:10
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.

Action-Not Available
Vendor-record-like-deep-assign_projectn/a
Product-record-like-deep-assignrecord-like-deep-assign
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23594
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.14%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 20:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox Bypass

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

Action-Not Available
Vendor-agoricn/a
Product-realms-shimrealms-shim
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23421
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-0.53% / 66.28%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 17:30
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.

Action-Not Available
Vendor-merge-change_projectn/a
Product-merge-changemerge-change
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found