• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1321

CVE-2021-23594

February 23, 2023 by

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

CVE-2021-23597

February 23, 2023 by

This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382).

CVE-2021-23663

February 23, 2023 by

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.

CVE-2021-23682

February 23, 2023 by

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

CVE-2021-23417

February 23, 2023 by

All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.

CVE-2021-23419

February 23, 2023 by

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 22
  • Go to page 23
  • Go to page 24
  • Go to page 25
  • Go to page 26
  • Interim pages omitted …
  • Go to page 37
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE