Lucene search
Veracode Vulnerability DatabaseVERACODE:12685HistoryJan 15, 2019 - 9:20 a.m.
Prototype Override Protection Bypass
2019-01-1509:20:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
47.5%
qs is vulnerable to prototype override protection bypass. It is possible for an attacker to bypass the protection and overwrite prototype properties and functions by prefixing the name of the parameter with [ or ]. Overwriting these properties on the object prototype can impact application logic, potentially allowing attackers to change security controls, modify data, and cause even worse impact.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rh-nodejs6-nodejs-qs | eq | 6.2.1__1.el7 | |
| rh-nodejs6-nodejs-qs | eq | 6.2.1__1.el6 |
Related
ubuntucve
ubuntucve
CVE-2017-1000048
2017-07-17 00:00:00
osv
osv
Prototype Pollution Protection Bypass in qs
2020-04-30 17:16:47
CVE-2017-1000048
2017-07-17 13:18:00
redhatcve
redhatcve
CVE-2017-1000048
2017-08-28 12:48:30
prion
prion
Design/Logic Flaw
2017-07-17 13:18:00
nvd
nvd
CVE-2017-1000048
2017-07-17 13:18:17
cve
cve
CVE-2017-1000048
2017-07-17 13:18:17
cvelist
cvelist
CVE-2017-1000048
2017-07-13 20:00:00
veracode
veracode
Prototype Override Protection Bypass
2017-03-03 08:37:32
nodejs
nodejs
Prototype Pollution Protection Bypass
2020-02-10 19:09:50
redhat
redhat
(RHSA-2017:2672) Moderate: rh-nodejs6-nodejs-qs security update
2017-09-07 14:10:16
github
github
Prototype Pollution Protection Bypass in qs
2020-04-30 17:16:47
ibm
ibm