Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21297 | 1 Nodered | 1 Node-red | 2022-05-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url. | |||||
| CVE-2020-7637 | 1 Class-transformer Project | 1 Class-transformer | 2022-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2021-23419 | 1 Open-graph Project | 1 Open-graph | 2021-08-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. | |||||