Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7743

Summary
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At-13 Oct, 2020 | 09:15
Updated At-16 Sep, 2024 | 19:31
Rejected At-
Credits

Prototype Pollution

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:snyk
Assigner Org ID:bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At:13 Oct, 2020 | 09:15
Updated At:16 Sep, 2024 | 19:31
Rejected At:
▼CVE Numbering Authority (CNA)
Prototype Pollution

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

Affected Products
Vendor
n/a
Product
mathjs
Versions
Affected
  • From unspecified before 7.5.1 (custom)
Problem Types
TypeCWE IDDescription
textN/APrototype Pollution
Type: text
CWE ID: N/A
Description: Prototype Pollution
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Alessio Della Libera (d3lla)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
x_refsource_MISC
https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
x_refsource_MISC
https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
x_refsource_MISC
Hyperlink: https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
Resource:
x_refsource_MISC
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
Resource:
x_refsource_MISC
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
Resource:
x_refsource_MISC
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
Resource:
x_refsource_MISC
Hyperlink: https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
Resource:
x_refsource_MISC
Hyperlink: https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
x_refsource_MISC
x_transferred
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
x_refsource_MISC
x_transferred
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
x_refsource_MISC
x_transferred
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
x_refsource_MISC
x_transferred
https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
x_refsource_MISC
x_transferred
https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
x_refsource_MISC
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:report@snyk.io
Published At:13 Oct, 2020 | 10:15
Updated At:28 Jun, 2022 | 14:11

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
mathjs
mathjs
>>mathjs>>Versions before 7.5.1(exclusive)
cpe:2.3:a:mathjs:mathjs:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-1321Primarynvd@nist.gov
CWE ID: CWE-1321
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82report@snyk.io
Broken Link
Third Party Advisory
https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57ereport@snyk.io
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113report@snyk.io
Exploit
Mitigation
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112report@snyk.io
Exploit
Mitigation
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111report@snyk.io
Exploit
Mitigation
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-MATHJS-1016401report@snyk.io
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://github.com/josdejong/mathjs/blob/develop/src/utils/object.js%23L82
Source: report@snyk.io
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
Source: report@snyk.io
Resource:
Patch
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1017113
Source: report@snyk.io
Resource:
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1017112
Source: report@snyk.io
Resource:
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1017111
Source: report@snyk.io
Resource:
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://snyk.io/vuln/SNYK-JS-MATHJS-1016401
Source: report@snyk.io
Resource:
Exploit
Mitigation
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

131Records found
CVE-2017-1001002
Matching Score-8
Assigner-46fe6300-5254-4a98-9594-a9567bec8179
ShareView Details
Matching Score-8
Assigner-46fe6300-5254-4a98-9594-a9567bec8179
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 76.57%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

Action-Not Available
Vendor-mathjsmath.js
Product-math.jsmath.js
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-40663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.69%
||
7 Day CHG+0.29%
Published-30 Jun, 2022 | 11:52
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

Action-Not Available
Vendor-deep.assign_projectn/a
Product-deep.assignn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-44908
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.82%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 11:47
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().

Action-Not Available
Vendor-sailsjsn/a
Product-sailsn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3918
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.8||CRITICAL
EPSS-1.21% / 78.16%
||
7 Day CHG~0.00%
Published-13 Nov, 2021 | 00:00
Updated-17 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in kriszyp/json-schema

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-json-schema_projectkriszypDebian GNU/Linux
Product-debian_linuxjson-schemakriszyp/json-schema
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3815
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8||HIGH
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 16:15
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in fabiocaccamo/utils.js

utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-utils.js_projectfabiocaccamo
Product-utils.jsfabiocaccamo/utils.js
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-39227
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.40% / 59.60%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 14:10
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fix prototype pollution in the zrender merge and clone helper methods

ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts.

Action-Not Available
Vendor-baiduecomfe
Product-zrenderzrender
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3766
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-06 Sep, 2021 | 11:17
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in vincit/objection.js

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-objection_projectvincit
Product-objectionvincit/objection.js
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3757
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.89%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 12:06
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in immerjs/immer

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-immer_projectimmerjs
Product-immerimmerjs/immer
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3666
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.6||HIGH
EPSS-0.36% / 57.30%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:56
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in fiznool/body-parser-xml

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-xml_body_parser_projectfiznool
Product-xml_body_parserfiznool/body-parser-xml
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3645
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.45% / 62.87%
||
7 Day CHG~0.00%
Published-10 Sep, 2021 | 11:04
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in viking04/merge

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-merge_projectviking04
Product-mergeviking04/merge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2023-45827
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-7.23% / 91.24%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 17:25
Updated-04 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution vulnerability in @clickbar/dot-diver

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.

Action-Not Available
Vendor-clickbarclickbar
Product-dot-diverdot-diver
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25941
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.92%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 13:43
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-deep-override_projectn/a
Product-deep-overridedeep-override
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25916
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.92%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 15:07
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-patchmerge_projectn/a
Product-patchmergepatchmerge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25947
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 19:51
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-nestie_projectn/a
Product-nestienestie
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25928
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-3.35% / 86.80%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 10:54
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-mantan/a
Product-safe-objsafe-obj
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25945
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 14:22
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-js-extend_projectn/a
Product-js-extendjs-extend
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25943
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.95% / 85.92%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 13:32
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-101_projectn/a
Product-101101
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-25953
Matching Score-4
Assigner-Mend
ShareView Details
Matching Score-4
Assigner-Mend
CVSS Score-9.8||CRITICAL
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 10:34
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.

Action-Not Available
Vendor-putil-merge_projectn/a
Product-putil-mergeputil-merge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23470
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.2||HIGH
EPSS-1.46% / 80.02%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 20:05
Updated-16 Sep, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077

Action-Not Available
Vendor-putil-merge_projectn/a
Product-putil-mergeputil-merge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23450
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-2.41% / 84.47%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 20:05
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Linux FoundationOracle Corporation
Product-debian_linuxweblogic_serverprimavera_unifiercommunications_policy_managementdojodojo
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23700
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 63.99%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 20:05
Updated-16 Sep, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function.

Action-Not Available
Vendor-merge-deep2_projectn/a
Product-merge-deep2merge-deep2
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23417
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-0.53% / 66.28%
||
7 Day CHG~0.00%
Published-28 Jul, 2021 | 16:05
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.

Action-Not Available
Vendor-deepmergefn_projectn/a
Product-deepmergefndeepmergefn
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23558
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.68% / 70.59%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 21:31
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664)

Action-Not Available
Vendor-bmoor_projectn/a
Product-bmoorn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23568
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.50% / 65.01%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 20:05
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.

Action-Not Available
Vendor-eggjsn/a
Product-extend2extend2
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23403
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.53% / 66.28%
||
7 Day CHG~0.00%
Published-02 Jul, 2021 | 16:10
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.

Action-Not Available
Vendor-ts-nodash_projectn/a
Product-ts-nodashts-nodash
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23396
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-5.6||MEDIUM
EPSS-0.39% / 59.28%
||
7 Day CHG~0.00%
Published-17 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.

Action-Not Available
Vendor-lutils_projectn/a
Product-lutilslutils
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23448
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.46%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 20:15
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.

Action-Not Available
Vendor-config-handler_projectn/a
Product-config-handlerconfig-handler
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23442
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-8.6||HIGH
EPSS-0.50% / 64.90%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 09:45
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.

Action-Not Available
Vendor-cookiex-deep_projectn/a
Product-cookiex-deep@cookiex/deep
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-23518
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.19%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:05
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573

Action-Not Available
Vendor-cached-path-relative_projectn/aDebian GNU/Linux
Product-cached-path-relativedebian_linuxcached-path-relative
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7766
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-1.06% / 76.77%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 15:35
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

Action-Not Available
Vendor-json-ptr_projectn/a
Product-json-ptrjson-ptr
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7771
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.63%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 11:50
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function.

Action-Not Available
Vendor-asciitable.js_projectn/a
Product-asciitable.jsasciitable.js
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-8158
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.32%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 20:12
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

Action-Not Available
Vendor-typeormn/a
Product-typeormtypeorm
CWE ID-CWE-471
Modification of Assumed-Immutable Data (MAID)
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7774
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.68% / 70.55%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 12:30
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

Action-Not Available
Vendor-y18n_projectn/aOracle CorporationSiemens AG
Product-y18nsinec_infrastructure_network_servicesgraalvmy18n
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-8116
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.3||HIGH
EPSS-0.33% / 55.33%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:08
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Action-Not Available
Vendor-dot-prop_projectn/a
Product-dot-propdot-prop
CWE ID-CWE-471
Modification of Assumed-Immutable Data (MAID)
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7720
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-2.08% / 83.30%
||
7 Day CHG+0.48%
Published-01 Sep, 2020 | 09:35
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

Action-Not Available
Vendor-digitalbazaarn/a
Product-forgenode-forge
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7679
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.77% / 72.64%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 10:40
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.

Action-Not Available
Vendor-casperjsn/a
Product-casperjscasperjs
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7726
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 09:50
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function.

Action-Not Available
Vendor-safe-object2_projectn/a
Product-safe-object2safe-object2
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7702
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 13:50
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function.

Action-Not Available
Vendor-templ8_projectn/a
Product-templ8Templ8
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7725
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 09:50
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function.

Action-Not Available
Vendor-guidesmithsn/a
Product-worksmithworksmith
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7721
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 09:40
Updated-16 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.

Action-Not Available
Vendor-node-oojs_projectn/a
Product-node-oojsnode-oojs
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7700
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 15:05
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of phpjs are vulnerable to Prototype Pollution via parse_str.

Action-Not Available
Vendor-php.js_projectn/a
Product-php.jsphpjs
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7704
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 79.01%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 16:20
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor.

Action-Not Available
Vendor-linux-cmdline_projectn/a
Product-linux-cmdlinelinux-cmdline
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7701
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-1.10% / 77.17%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 15:10
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.

Action-Not Available
Vendor-springtreen/a
Product-madlib-object-utilsmadlib-object-utils
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7727
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 09:50
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package gedi are vulnerable to Prototype Pollution via the set function.

Action-Not Available
Vendor-gedi_projectn/a
Product-gedigedi
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7737
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-7.3||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG~0.00%
Published-02 Oct, 2020 | 09:30
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package safetydance are vulnerable to Prototype Pollution via the set function.

Action-Not Available
Vendor-safetydance_projectn/a
Product-safetydancesafetydance
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7617
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-4.4||MEDIUM
EPSS-0.23% / 46.14%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 18:00
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.

Action-Not Available
Vendor-ini-parser_projectrawiroaisen
Product-ini-parserini-parser
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7703
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 14:50
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function.

Action-Not Available
Vendor-nis-utils_projectn/a
Product-nis-utilsnis-utils
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2020-7714
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.49%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 09:20
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

All versions of package confucious are vulnerable to Prototype Pollution via the set function.

Action-Not Available
Vendor-realseriousgamesn/a
Product-confuciousconfucious
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2019-19919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.09% / 95.84%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 22:50
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Action-Not Available
Vendor-handlebars.js_projectn/aTenable, Inc.
Product-handlebars.jstenable.scn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-38994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.22% / 44.40%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 00:00
Updated-07 Jul, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Action-Not Available
Vendor-amoyjsn/aamoyjs
Product-commonn/acommon
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found