Lucene search
GoogleOSV:GHSA-2CF2-2383-H4JVHistoryMay 07, 2021 - 4:16 p.m.
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
2021-05-0716:16:43
Google
osv.dev
5
0.001 Low
EPSS
Percentile
38.8%
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
Related
cve
cve
CVE-2020-7600
2020-03-12 23:15:12
CVE-2022-25871
2022-06-17 20:15:10
veracode
veracode
Prototype Pollution
2020-03-13 07:34:33
nvd
nvd
CVE-2020-7600
2020-03-12 23:15:12
CVE-2022-25871
2022-06-17 20:15:10
prion
prion
Code injection
2020-03-12 23:15:00
Design/Logic Flaw
2022-06-17 20:15:00
cvelist
cvelist
CVE-2020-7600
2020-03-12 22:25:43
CVE-2022-25871 Prototype Pollution
2022-06-17 00:00:00
github
github
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
2021-05-07 16:16:43
Prototype Pollution in querymen
2022-06-18 00:00:19
osv
osv
CVE-2020-7600
2020-03-12 23:15:12
Prototype Pollution in querymen
2022-06-18 00:00:19