• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1321

CVE-2021-23421

February 23, 2023 by

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.

CVE-2021-23433

February 23, 2023 by

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.

CVE-2021-23442

February 23, 2023 by

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.

CVE-2021-23448

February 23, 2023 by

All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.

CVE-2021-23449

February 23, 2023 by

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.

CVE-2021-23450

February 23, 2023 by

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 23
  • Go to page 24
  • Go to page 25
  • Go to page 26
  • Go to page 27
  • Interim pages omitted …
  • Go to page 37
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE