Vulnerabilities (CVE)

Filtered by CWE-1321
Total 317 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21304 1 Dynamoosejs 1 Dynamoose 2022-10-25 7.5 HIGH 9.8 CRITICAL
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.
CVE-2021-21368 1 Msgpack5 Project 1 Msgpack5 2022-10-24 6.5 MEDIUM 8.8 HIGH
msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto__. Object.prototype.__proto__ is an accessor property for the receiver's prototype. If the value corresponding to the key __proto__ decodes to an object or null, msgpack5 sets the decoded object's prototype to that value. An attacker who can submit crafted MessagePack data to a service can use this to produce values that appear to be of other types; may have unexpected prototype properties and methods (for example length, numeric properties, and push et al if __proto__'s value decodes to an Array); and/or may throw unexpected exceptions when used (for example if the __proto__ value decodes to a Map or Date). Other unexpected behavior might be produced for other types. There is no effect on the global prototype. This "prototype poisoning" is sort of a very limited inversion of a prototype pollution attack. Only the decoded value's prototype is affected, and it can only be set to msgpack5 values (though if the victim makes use of custom codecs, anything could be a msgpack5 value). We have not found a way to escalate this to true prototype pollution (absent other bugs in the consumer's code). This has been fixed in msgpack5 version 3.6.1, 4.5.1, and 5.2.1. See the referenced GitHub Security Advisory for an example and more details.
CVE-2022-37602 1 Grunt-karma Project 1 Grunt-karma 2022-10-15 N/A 9.8 CRITICAL
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js.
CVE-2022-37611 1 Gh-pages Project 1 Gh-pages 2022-10-14 N/A 9.8 CRITICAL
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.
CVE-2022-37614 1 Mockery Project 1 Mockery 2022-10-14 N/A 9.8 CRITICAL
Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js.
CVE-2022-37609 1 Js-beautify Project 1 Js-beautify 2022-10-14 N/A 9.8 CRITICAL
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.
CVE-2022-37617 1 Browserify-shim Project 1 Browserify-shim 2022-10-13 N/A 9.8 CRITICAL
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.
CVE-2021-41097 1 Bluespire 1 Aurelia-path 2022-09-30 5.0 MEDIUM 7.5 HIGH
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the `aurelia-path` package to parse a string. The majority of these will be Aurelia applications that employ the `aurelia-router` package. For example, this could allow an attacker to change the prototype of the base object class `Object` by tricking an application into parsing the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.
CVE-2022-37265 1 Stealjs 1 Steal 2022-09-22 N/A 9.8 CRITICAL
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.
CVE-2022-37258 1 Stealjs 1 Steal 2022-09-21 N/A 9.8 CRITICAL
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
CVE-2022-37264 1 Stealjs 1 Steal 2022-09-19 N/A 9.8 CRITICAL
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
CVE-2022-37266 1 Stealjs 1 Steal 2022-09-19 N/A 9.8 CRITICAL
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.
CVE-2022-37257 1 Stealjs 1 Steal 2022-09-19 N/A 9.8 CRITICAL
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
CVE-2021-3757 1 Immer Project 1 Immer 2022-09-10 7.5 HIGH 9.8 CRITICAL
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
CVE-2021-39205 1 8x8 1 Jitsi Meet 2022-09-10 4.3 MEDIUM 6.1 MEDIUM
Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.
CVE-2021-39227 1 Baidu 1 Zrender 2022-09-10 7.5 HIGH 9.8 CRITICAL
ZRender is a lightweight graphic library providing 2D drawing for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: check whether `__proto__` is among the object keys and omit it before using the object as a parameter in these affected methods, or in `echarts.util.merge` and `setOption` if the project is using ECharts.
CVE-2021-40663 1 Deep.assign Project 1 Deep.assign 2022-09-09 7.5 HIGH 9.8 CRITICAL
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
CVE-2022-25907 1 Typescript Deep Merge Project 1 Typescript Deep Merge 2022-08-12 N/A 9.8 CRITICAL
The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function.
CVE-2020-8116 1 Dot-prop Project 1 Dot-prop 2022-08-05 7.5 HIGH 7.3 HIGH
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
CVE-2020-8158 1 Typeorm 1 Typeorm 2022-08-05 7.5 HIGH 9.8 CRITICAL
Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.