Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36475 | 1 Parseplatform | 1 Parse-server | 2023-07-06 | N/A | 9.8 CRITICAL |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1. | |||||
| CVE-2023-30857 | 1 Aedart | 1 Ion | 2023-05-08 | N/A | 3.7 LOW |
| @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`. | |||||
| CVE-2022-36059 | 1 Matrix | 1 Javascript Sdk | 2023-04-05 | N/A | 5.3 MEDIUM |
| matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible. | |||||
| CVE-2023-28103 | 1 Matrix-react-sdk Project | 1 Matrix-react-sdk | 2023-04-05 | N/A | 8.2 HIGH |
| matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue. | |||||
| CVE-2022-37616 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2023-02-10 | N/A | 9.8 CRITICAL |
| A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted." | |||||
| CVE-2021-23518 | 2 Cached-path-relative Project, Debian | 2 Cached-path-relative, Debian Linux | 2023-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 | |||||
| CVE-2021-3805 | 2 Debian, Object-path Project | 2 Debian Linux, Object-path | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |||||
| CVE-2021-23450 | 3 Debian, Linuxfoundation, Oracle | 5 Debian Linux, Dojo, Communications Policy Management and 2 more | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | |||||
| CVE-2022-2625 | 3 Fedoraproject, Postgresql, Redhat | 3 Fedora, Postgresql, Enterprise Linux | 2022-12-02 | N/A | 8.0 HIGH |
| A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. | |||||
| CVE-2020-7600 | 1 Querymen Project | 1 Querymen | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. | |||||
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7618 | 1 Sds Project | 1 Sds | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | |||||
| CVE-2020-7616 | 1 Express-mock-middleware Project | 1 Express-mock-middleware | 2022-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. | |||||
| CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | |||||
| CVE-2020-12079 | 1 Beakerbrowser | 1 Beaker | 2022-12-02 | 7.5 HIGH | 10.0 CRITICAL |
| Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API. | |||||
| CVE-2020-11066 | 1 Typo3 | 1 Typo3 | 2022-12-02 | 6.4 MEDIUM | 10.0 CRITICAL |
| In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. | |||||
| CVE-2020-7703 | 1 Nis-utils Project | 1 Nis-utils | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. | |||||
| CVE-2020-7704 | 1 Linux-cmdline Project | 1 Linux-cmdline | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. | |||||