mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
806 B
806 B
CVE-2021-23574
Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of CVE-2020-28442.
POC
Reference
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
- https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
Github
No PoCs found on GitHub currently.