Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26920 | 1 Naturalintelligence | 1 Fast Xml Parser | 2023-12-14 | N/A | 6.5 MEDIUM |
| fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. | |||||
| CVE-2023-26158 | 1 Mockjs | 1 Mock.js | 2023-12-12 | N/A | 8.2 HIGH |
| All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: js js if (["__proto__", "constructor", "prototype"].includes(name)) continue js // src/mock/handler.js Util.extend = function extend() { var target = arguments[0] || {}, i = 1, length = arguments.length, options, name, src, copy, clone if (length === 1) { target = this i = 0 } for (; i < length; i++) { options = arguments[i] if (!options) continue for (name in options) { if (["__proto__", "constructor", "prototype"].includes(name)) continue src = target[name] copy = options[name] if (target === copy) continue if (copy === undefined) continue if (Util.isArray(copy) || Util.isObject(copy)) { if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : [] if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {} target[name] = Util.extend(clone, copy) } else { target[name] = copy } } } return target } | |||||
| CVE-2023-6293 | 1 Sequelizejs | 1 Sequelize-typescript | 2023-11-30 | N/A | 7.1 HIGH |
| Prototype Pollution in GitHub repository robinbuschmann/sequelize-typescript prior to 2.1.6. | |||||
| CVE-2022-46175 | 2 Fedoraproject, Json5 | 2 Fedora, Json5 | 2023-11-26 | N/A | 8.8 HIGH |
| JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. | |||||
| CVE-2023-45827 | 1 Clickbar | 1 Dot-diver | 2023-11-14 | N/A | 9.8 CRITICAL |
| Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability. | |||||
| CVE-2023-1717 | 1 Bitrix24 | 1 Bitrix24 | 2023-11-09 | N/A | 9.6 CRITICAL |
| Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`. | |||||
| CVE-2023-3965 | 1 Saleswizard | 1 Nsc | 2023-11-07 | N/A | 6.1 MEDIUM |
| The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-3962 | 1 Myshopkit | 1 Winters | 2023-11-07 | N/A | 6.1 MEDIUM |
| The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-3933 | 1 Wiloke | 1 Your Journey | 2023-11-07 | N/A | 6.1 MEDIUM |
| The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2023-26139 | 1 Underscore-keypath Project | 1 Underscore-keypath | 2023-11-07 | N/A | 7.5 HIGH |
| Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”. | |||||
| CVE-2023-26133 | 1 Progressbar.js Project | 1 Progressbar.js | 2023-11-07 | N/A | 9.8 CRITICAL |
| All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js. | |||||
| CVE-2023-26132 | 1 Dottie Project | 1 Dottie | 2023-11-07 | N/A | 7.5 HIGH |
| Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file. | |||||
| CVE-2023-26122 | 1 Safe-eval Project | 1 Safe-eval | 2023-11-07 | N/A | 10.0 CRITICAL |
| All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf(). | |||||
| CVE-2023-26121 | 1 Safe-eval Project | 1 Safe-eval | 2023-11-07 | N/A | 10.0 CRITICAL |
| All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. | |||||
| CVE-2023-26113 | 1 Collection.js Project | 1 Collection.js | 2023-11-07 | N/A | 7.5 HIGH |
| Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. | |||||
| CVE-2023-26106 | 1 Dot-lens Project | 1 Dot-lens | 2023-11-07 | N/A | 7.5 HIGH |
| All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. | |||||
| CVE-2023-26105 | 1 Utilities Project | 1 Utilities | 2023-11-07 | N/A | 7.5 HIGH |
| All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function. | |||||
| CVE-2023-26102 | 1 Rangy Project | 1 Rangy | 2023-11-07 | N/A | 8.2 HIGH |
| All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype | |||||
| CVE-2022-36060 | 1 Matrix | 1 React Sdk | 2023-11-07 | N/A | 5.3 MEDIUM |
| matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-21297 | 1 Nodered | 1 Node-red | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url. | |||||