CWE-1321 flaws
304 results

CVE-2023-26132 | HIGH | Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the | EPSS 1.1%
CVE-2023-1717 | CRITICAL | Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution | EPSS 1.1%
CVE-2022-37621 | CRITICAL | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable | EPSS 1.0%
CVE-2022-39357 | HIGH | Winter vulnerable to Prototype Pollution in Snowboard framework | EPSS 1.0%
CVE-2023-3696 | CRITICAL | Prototype Pollution in automattic/mongoose | EPSS 1.0%
CVE-2021-32736 | HIGH | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper | EPSS 1.0%
CVE-2022-37611 | CRITICAL | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. | EPSS 1.0%
CVE-2024-23339 | MEDIUM | hoolock does not block Prototype pollution with object-path related utilities | EPSS 1.0%
CVE-2022-4742 | MEDIUM | json-pointer index.js set prototype pollution | EPSS 1.0%
CVE-2023-2972 | MEDIUM | Prototype Pollution in antfu/utils | EPSS 1.0%
CVE-2023-30533 | HIGH | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, wher | EPSS 1.0%
CVE-2024-38986 | CRITICAL | Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other i | EPSS 1.0%
CVE-2023-23917 | HIGH | A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any u | EPSS 1.0%
CVE-2022-31106 | HIGH | Prototype Pollution in underscore.deep | EPSS 1.0%
CVE-2024-38983 | CRITICAL | Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and | EPSS 1.0%
CVE-2024-38984 | CRITICAL | Prototype Pollution in lukebond json-override 0.2.0 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via the | EPSS 1.0%
CVE-2024-39012 | CRITICAL | ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers | EPSS 1.0%
CVE-2023-30363 | CRITICAL | vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts. | EPSS 1.0%
CVE-2024-21509 | MEDIUM | Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user | EPSS 1.0%
CVE-2023-26106 | HIGH | All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. | EPSS 0.9%