Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7714 | 1 Realseriousgames | 1 Confucious | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package confucious are vulnerable to Prototype Pollution via the set function. | |||||
| CVE-2020-7713 | 1 Arr-flatten-unflatten Project | 1 Arr-flatten-unflatten | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor. | |||||
| CVE-2020-7708 | 1 Irrelon | 2 \@irrelon\/path, Irrelon-path | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. | |||||
| CVE-2020-7707 | 1 Property-expr Project | 1 Property-expr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function. | |||||
| CVE-2020-7706 | 1 Connie-lang Project | 1 Connie-lang | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. | |||||
| CVE-2020-7704 | 1 Linux-cmdline Project | 1 Linux-cmdline | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor. | |||||
| CVE-2020-7703 | 1 Nis-utils Project | 1 Nis-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function. | |||||
| CVE-2020-7702 | 1 Templ8 Project | 1 Templ8 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package templ8 are vulnerable to Prototype Pollution via the parse function. | |||||
| CVE-2020-7701 | 1 Springtree | 1 Madlib-object-utils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue. | |||||
| CVE-2020-7700 | 1 Php.js Project | 1 Php.js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of phpjs are vulnerable to Prototype Pollution via parse_str. | |||||
| CVE-2020-7699 | 2 Express-fileupload Project, Netapp | 2 Express-fileupload, Max Data | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution. | |||||
| CVE-2020-7679 | 1 Casperjs | 1 Casperjs | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | |||||
| CVE-2020-7644 | 1 Fun-map Project | 1 Fun-map | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7643 | 1 Idea | 1 Paypal-adaptive | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2020-7641 | 1 Grunt-util-property Project | 1 Grunt-util-property | 2024-11-21 | N/A | 4.0 MEDIUM |
| This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2020-7618 | 1 Sds Project | 1 Sds | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | |||||
| CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2024-11-21 | 7.5 HIGH | 4.4 MEDIUM |
| ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | |||||