CVE-2022-25296

HIGH Year: 2022
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-1321
View all →

Vulnerability Description

The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897)

Related Vulnerabilities

CVE-2020-28458

HIGH
CVSS:7.3(High)

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

CWE-13212020

CVE-2020-7720

HIGH
CVSS:7.3(High)

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

CWE-13212020

CVE-2020-7743

HIGH
CVSS:7.3(High)

The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

CWE-13212020

CVE-2022-1295

HIGH
CVSS:7.3(High)

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.

CWE-13212022

CVE-2024-38994

HIGH
CVSS:7.3(High)

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via...

CWE-13212024

CVE-2024-39003

HIGH
CVSS:7.3(High)

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) v...

CWE-13212024