Lucene search
GoogleOSV:GHSA-C6H4-GC3F-HGJQHistoryJan 06, 2022 - 9:58 p.m.
Prototype Pollution in js-data
2022-01-0621:58:56
Google
osv.dev
7
0.033 Low
EPSS
Percentile
91.3%
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442.
References
github.com/js-data/js-data
github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
github.com/js-data/js-data/issues/576
github.com/js-data/js-data/issues/577
nvd.nist.gov/vuln/detail/CVE-2021-23574
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
snyk.io/vuln/SNYK-JS-JSDATA-1584361
Related
cvelist
cvelist
CVE-2021-23574 Prototype Pollution
2021-12-24 00:00:00
CVE-2020-28442 Prototype Pollution
2020-12-15 00:00:00
github
github
Prototype Pollution in js-data
2022-01-06 21:58:56
Prototype Pollution in js-data
2022-02-09 22:45:52
cve
cve
CVE-2021-23574
2021-12-24 20:15:08
CVE-2020-28442
2020-12-15 08:15:12
veracode
veracode
Prototype Pollution
2021-12-27 07:30:29
Prototype Pollution
2020-12-16 01:25:19
nvd
nvd
CVE-2021-23574
2021-12-24 20:15:08
CVE-2020-28442
2020-12-15 08:15:12
prion
prion
Design/Logic Flaw
2021-12-24 20:15:00
Code injection
2020-12-15 08:15:00
huntr
huntr
Prototype Pollution in js-data/js-data
2021-01-11 00:00:00
osv
osv
Prototype Pollution in js-data
2022-02-09 22:45:52
checkpoint_advisories
checkpoint_advisories