Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26920 | 1 Naturalintelligence | 1 Fast Xml Parser | 2023-12-14 | N/A | 6.5 MEDIUM |
| fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. | |||||
| CVE-2021-23408 | 1 Graphhopper | 1 Graphhopper | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload. | |||||
| CVE-2021-23395 | 1 Nedb Project | 1 Nedb | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. | |||||
| CVE-2022-0432 | 1 Joinmastodon | 1 Mastodon | 2022-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0. | |||||
| CVE-2021-43787 | 1 Nodebb | 1 Nodebb | 2021-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | |||||