Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2023-26106
Disclosure Date: March 06, 2023 (last updated February 24, 2025)
All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.
0
Attacker Value
Unknown
CVE-2020-7717
Disclosure Date: September 01, 2020 (last updated February 22, 2025)
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function.
0
Attacker Value
Unknown
CVE-2020-7639
Disclosure Date: April 06, 2020 (last updated February 21, 2025)
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
0
Attacker Value
Unknown
CVE-2020-8141
Disclosure Date: March 15, 2020 (last updated February 21, 2025)
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
0
Attacker Value
Unknown
CVE-2019-10793
Disclosure Date: February 18, 2020 (last updated February 21, 2025)
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
0
Attacker Value
Unknown
CVE-2020-8116
Disclosure Date: February 04, 2020 (last updated February 21, 2025)
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
0
