Total: 296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20089 | 1 Purl Project | 1 Purl | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. | |||||
| CVE-2021-20086 | 1 Jquery-bbq Project | 1 Jquery-bbq | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. | |||||
| CVE-2021-25913 | 1 Set-or-get Project | 1 Set-or-get | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25943 | 1 101 Project | 1 101 | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25914 | 1 Fireblink | 1 Object-collider | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25944 | 1 Deep-defaults Project | 1 Deep-defaults | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25928 | 1 Manta | 1 Safe-obj | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-25953 | 1 Putil-merge Project | 1 Putil-merge | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'putil-merge' versions 1.0.0 through 3.6.6 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-23408 | 1 Graphhopper | 1 Graphhopper | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload. | |||||
| CVE-2021-25912 | 1 Dotty Project | 1 Dotty | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-23395 | 1 Nedb Project | 1 Nedb | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. | |||||
| CVE-2021-23329 | 1 Getadigital | 1 Nested-object-assign | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below. | |||||
| CVE-2021-20088 | 1 Mootools | 1 Mootools-more | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. | |||||
| CVE-2021-25927 | 1 Safe-flat Project | 1 Safe-flat | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2021-20084 | 1 Jquery-sparkle Project | 1 Jquery-sparkle | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. | |||||
| CVE-2021-20087 | 1 Acemetrix | 1 Jquery-deparam | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. | |||||
| CVE-2023-3696 | 1 Mongoosejs | 1 Mongoose | 2023-08-02 | N/A | 9.8 CRITICAL |
| Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. | |||||
| CVE-2022-23624 | 1 Frourio | 1 Frourio-express | 2023-07-13 | 6.5 MEDIUM | 8.8 HIGH |
| Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use a frourio-express version prior to v0.26.0 and integration with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | |||||
| CVE-2022-23623 | 1 Frourio | 1 Frourio | 2023-07-13 | 6.5 MEDIUM | 8.8 HIGH |
| Frourio is a full stack framework for TypeScript. Frourio users who use a frourio version prior to v0.26.0 and integration with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | |||||
| CVE-2023-36475 | 1 Parseplatform | 1 Parse-server | 2023-07-06 | N/A | 9.8 CRITICAL |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1. | |||||
