CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality. • https://security.snyk.io/vuln/SNYK-JS-SETDEEPPROP-1083231 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7715](https://security.snyk.io/vuln/SNYK-JS-DEEPGETSET-598666) • https://snyk.io/vuln/SNYK-JS-DEEPGETSET-2342655 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The New User Email Set Up WordPress plugin through 0.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. • https://wpscan.com/vulnerability/176d5761-4f01-4173-a70c-6052a6a9963e • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049) • https://github.com/ahdinosaur/set-in/blob/dfc226d95cce8129de6708661e06e0c2c06f3490/index.js%23L5 https://github.com/ahdinosaur/set-in/commit/6bad255961d379e4b1f5fbc52ef9dc8420816f24 https://snyk.io/vuln/SNYK-JS-SETIN-2388571 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 • https://github.com/strikeentco/set/commit/b2f942c https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')