Lucene search
SnykCVELIST:CVE-2020-7600HistoryMar 12, 2020 - 10:25 p.m.
CVE-2020-7600
2020-03-1222:25:43
snyk
www.cve.org
5
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
CNA Affected
[
{
"product": "querymen",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.1.4"
}
]
}
]Related
osv
osv
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
2021-05-07 16:16:43
CVE-2020-7600
2020-03-12 23:15:12
Prototype Pollution in querymen
2022-06-18 00:00:19
nvd
nvd
CVE-2020-7600
2020-03-12 23:15:12
CVE-2022-25871
2022-06-17 20:15:10
veracode
veracode
Prototype Pollution
2020-03-13 07:34:33
prion
prion
Code injection
2020-03-12 23:15:00
Design/Logic Flaw
2022-06-17 20:15:00
github
github
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
2021-05-07 16:16:43
Prototype Pollution in querymen
2022-06-18 00:00:19
cve
cve
CVE-2020-7600
2020-03-12 23:15:12
CVE-2022-25871
2022-06-17 20:15:10
cvelist
cvelist
CVE-2022-25871 Prototype Pollution
2022-06-17 20:05:34