Total
334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45435 | 1 Chartist | 1 Chartist | 2024-09-03 | N/A | 9.8 CRITICAL |
| Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. | |||||
| CVE-2024-36580 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
| A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. | |||||
| CVE-2024-30564 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
| An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method. | |||||
| CVE-2024-21509 | 2024-08-22 | N/A | 6.5 MEDIUM | ||
| Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. | |||||
| CVE-2024-37287 | 1 Elastic | 1 Kibana | 2024-08-22 | N/A | 7.2 HIGH |
| A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution. | |||||
| CVE-2024-39014 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39013 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-29651 | 2024-08-20 | N/A | 8.1 HIGH | ||
| A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions. | |||||
| CVE-2024-24293 | 2024-08-20 | N/A | 8.8 HIGH | ||
| A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js. | |||||
| CVE-2024-36582 | 2024-08-19 | N/A | 9.8 CRITICAL | ||
| alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) | |||||
| CVE-2024-38989 | 2024-08-13 | N/A | 9.8 CRITICAL | ||
| izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-36572 | 1 Allpro | 1 Formmanager Data Handler | 2024-08-08 | N/A | 9.8 CRITICAL |
| Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue. | |||||
| CVE-2024-38984 | 1 Lukebond | 1 Json-override | 2024-08-08 | N/A | 9.8 CRITICAL |
| Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. | |||||
| CVE-2024-38986 | 1 75lb | 1 Deep-merge | 2024-08-08 | N/A | 9.8 CRITICAL |
| Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. | |||||
| CVE-2024-39010 | 1 Chasemoskal | 1 Snapstate | 2024-08-08 | N/A | 9.8 CRITICAL |
| chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39011 | 1 Chargeover | 1 Redoc | 2024-08-08 | N/A | 9.8 CRITICAL |
| Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. | |||||
| CVE-2024-39012 | 1 Ais | 1 Strategyen | 2024-08-08 | N/A | 9.8 CRITICAL |
| ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38983 | 1 Alykoshin | 1 Mini-deep-assign | 2024-08-08 | N/A | 9.8 CRITICAL |
| Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) | |||||
| CVE-2021-42581 | 1 Ramdajs | 1 Ramda | 2024-08-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes | |||||
| CVE-2022-37598 | 1 Uglifyjs Project | 1 Uglifyjs | 2024-08-03 | N/A | 9.8 CRITICAL |
| Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report. | |||||