CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7715 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2020-7715
All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. Todas las versiones del paquete deep-get-set, son vulnerables a una Contaminación de Prototipo por medio de la función main • https://snyk.io/vuln/SNYK-JS-DEEPGETSET-598666 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-10747 – nodejs-set-value: prototype pollution in function set-value
https://notcve.org/view.php?id=CVE-2019-10747
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads. set-value es vulnerable a Prototype Pollution en versiones anteriores a 2.0.1 y la versión 3.0.0. La función mixin-deep podría ser engañada para agregar o modificar propiedades de Object.prototype usando cualquiera de las cargas útiles de constructor, prototipo y _proto_ payloads. A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. • https://github.com/ossf-cve-benchmark/CVE-2019-10747 https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292%40%3Cdev.drat.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3HNLQZQINMZK6GYB2UTKK4VU7WBV2OT https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 https://access.redhat.com/security/cve/CVE-2019-10747 https://bugzi • CWE-400: Uncontrolled Resource Consumption CWE-471: Modification of Assumed-Immutable Data (MAID) •