Total: 317 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20088 | 1 Mootools | 1 Mootools-more | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. | |||||
CVE-2021-20089 | 1 Purl Project | 1 Purl | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. | |||||
CVE-2021-25912 | 1 Dotty Project | 1 Dotty | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25946 | 1 Nconf-toml Project | 1 Nconf-toml | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25953 | 1 Putil-merge Project | 1 Putil-merge | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23408 | 1 Graphhopper | 1 Graphhopper | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload. | |||||
CVE-2021-20084 | 1 Jquery-sparkle Project | 1 Jquery-sparkle | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. | |||||
CVE-2021-25927 | 1 Safe-flat Project | 1 Safe-flat | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25947 | 1 Nestie Project | 1 Nestie | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25941 | 1 Deep-override Project | 1 Deep-override | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23396 | 1 Lutils Project | 1 Lutils | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. | |||||
CVE-2021-25914 | 1 Fireblink | 1 Object-collider | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23329 | 1 Getadigital | 1 Nested-object-assign | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below. | |||||
CVE-2021-25944 | 1 Deep-defaults Project | 1 Deep-defaults | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25943 | 1 101 Project | 1 101 | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-25916 | 1 Patchmerge Project | 1 Patchmerge | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-23395 | 1 Nedb Project | 1 Nedb | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. | |||||
CVE-2021-25928 | 1 Manta | 1 Safe-obj | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
CVE-2021-20087 | 1 Acemetrix | 1 Jquery-deparam | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. | |||||
CVE-2021-25913 | 1 Set-or-get Project | 1 Set-or-get | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
Prototype pollution vulnerability in 'set-or-get' versions 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. |