Haz

2 exploits Active since Feb 2020
CVE-2019-10792 WRITEUP MEDIUM WRITEUP
bodymen < 1.1.1 - Prototype Pollution via __proto__ Payload
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
CVSS 6.3
CVE-2020-7600 WRITEUP MEDIUM WRITEUP
querymen < 2.1.4 - Prototype Pollution via Unsanitized Handler Parameters
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
CVSS 5.3