Monthly Archive: September 2020

All versions of package gedi are vulnerable to Prototype Pollution via the set function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-GEDI-598803

All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-SAFEOBJECT2-598801

All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-WORKSMITH-598798

All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-TINYCONF-598792

All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-PROMISEHELPERS-598686

All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-NODEEUTILS-598679

All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-NODEOOJS-598678

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. Date published : 2020-09-01 https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293

Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function. Date published : 2020-09-01 https://github.com/kvz/locutus/pull/418/ https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675

All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-GAMMAUTILS-598670

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-DOTNOTES-598668

All versions of package deeps are vulnerable to Prototype Pollution via the set function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-DEEPS-598667

All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-DEEPGETSET-598666

All versions of package confucious are vulnerable to Prototype Pollution via the set function. Date published : 2020-09-01 https://snyk.io/vuln/SNYK-JS-CONFUCIOUS-598665