Total
334 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7714 | 1 Realseriousgames | 1 Confucious | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package confucious are vulnerable to Prototype Pollution via the set function. | |||||
CVE-2020-7718 | 1 Gammautils Project | 1 Gammautils | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. | |||||
CVE-2019-0230 | 2 Apache, Oracle | 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | |||||
CVE-2020-7727 | 1 Gedi Project | 1 Gedi | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package gedi are vulnerable to Prototype Pollution via the set function. | |||||
CVE-2020-7707 | 1 Property-expr Project | 1 Property-expr | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. | |||||
CVE-2020-7713 | 1 Arr-flatten-unflatten Project | 1 Arr-flatten-unflatten | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. | |||||
CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
CVE-2020-7723 | 1 Yola | 1 Promisehelpers | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. | |||||
CVE-2020-7639 | 1 Dot Project | 1 Dot | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
CVE-2020-7706 | 1 Connie-lang Project | 1 Connie-lang | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. | |||||
CVE-2020-11066 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 6.4 MEDIUM | 10.0 CRITICAL |
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. | |||||
CVE-2020-7726 | 1 Safe-object2 Project | 1 Safe-object2 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | |||||
CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
CVE-2020-7717 | 1 Dot-notes Project | 1 Dot-notes | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. | |||||
CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | |||||
CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | |||||
CVE-2020-7616 | 1 Express-mock-middleware Project | 1 Express-mock-middleware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. | |||||
CVE-2020-7704 | 1 Linux-cmdline Project | 1 Linux-cmdline | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. | |||||
CVE-2020-7716 | 1 Invertase | 1 Deeps | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package deeps are vulnerable to Prototype Pollution via the set function. | |||||
CVE-2020-7700 | 1 Php.js Project | 1 Php.js | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
All versions of phpjs are vulnerable to Prototype Pollution via parse_str. |