-
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weak…
-
│ high │ Uncontrolled resource consumption in braces │
│ Package │ braces │
│ Patched in │ >=3.0.3 …
-
Here is a test that validates this vulnerability in lodash.merge:
```javascript
it('should not be vulnerable to prototype pollution', function () {
var object1 = { value: utils_1.args };
…
```
-
I have found a possible prototype pollution vuln in this package.
With specific input, attackers can define properties on the prototype, which will lead to prototype pollution.
Also I have made a tiny…
-
Hi, pace developers!
### Summary
I have discovered a prototype pollution vulnerability in the `pace-js` package, which can be exploited via attacker-controlled scriptless HTML elements on web p…
-
**Thanks for reaching out! We're happy to help resolve issues as quickly as possible.**
**Please use this template when creating a new issue. If you do not follow this template format, your issue m…
-
I haven't tested this, so I might be completely wrong. However, it might be worth testing whether this hook is vulnerable to prototype pollution. Consider reviewing https://codeburst.io/what-is-protot…
-
# Prototype Pollution in nJwt library
## Description
The nJwt library is susceptible to prototype pollution, particularly affecting the `JwtHeader` and `JwtBody` objects. These objects lack valid…
-
The dependency `lodash.merge` has a high severity vulnerability.
Source: https://app.snyk.io/vuln/SNYK-JS-LODASHMERGE-173732
Seems like using `lodash` instead of `lodash.merge` is safer: https:/…
-
A few days ago I went to install my project's packages and npm pointed out 4 critical security errors, but I couldn't understand the solution for it; I didn't find issues that matched the current prob…