This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. Devamını Oku
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. Devamını Oku
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. Devamını Oku
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. Devamını Oku
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Devamını Oku
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Devamını Oku
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Devamını Oku
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Devamını Oku
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default…
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default…
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. Devamını Oku