CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
473 vulnerabilities with CWE-1321
CVE-2024-14020
MEDIUM
NPM Carbone < 3.5.6 - Code Injection
CVSS 5.0
CVE-2024-57708
MEDIUM
OneTrust SDK <6.33.0 - DoS
CVSS 5.7
CVE-2024-12556
HIGH
Elastic Kibana < 8.16.4 - Prototype Pollution
CVSS 8.7
CVE-2024-57083
HIGH
redoc <= 2.2.0 - DoS
CVSS 7.5
CVE-2024-38988
CRITICAL
Alizeait Unflatto < 1.0.2 - Prototype Pollution
CVSS 9.8
CVE-2024-38985
CRITICAL
Janrywang Depath - Prototype Pollution
CVSS 9.8
CVE-2024-24292
CRITICAL
Aliconnect Software Development Kit - Prototype Pollution
CVSS 9.8
CVE-2024-11628
MEDIUM
Telerik Kendo UI for Vue <6.0.1 - Command Injection
CVSS 4.1
CVE-2024-12629
MEDIUM
Progress Kendoreact < 9.4.0 - Prototype Pollution
CVSS 4.1
CVE-2024-57086
HIGH
node-opcua-alarm-condition <2.134.0 - DoS
CVSS 7.5
CVE-2024-57084
HIGH
dot-properties v1.0.1 - DoS
CVSS 7.5
CVE-2024-57080
HIGH
vxe-table <4.8.10 - DoS
CVSS 7.5
CVE-2024-57078
HIGH
cli-util <1.1.27 - DoS
CVSS 7.5
CVE-2024-57077
CRITICAL
utils-extend 1.0.8 - Prototype Pollution
CVSS 9.1
CVE-2024-57072
HIGH
module-from-string <3.3.1 - DoS
CVSS 7.5
CVE-2024-57071
HIGH
php-parser <3.2.1 - DoS
CVSS 7.5
CVE-2024-57069
HIGH
expand-object <0.4.2 - DoS
CVSS 7.5
CVE-2024-57067
HIGH
dot-qs <0.2.0 - DoS
CVSS 7.5
CVE-2024-57066
HIGH
@ndhoule/defaults <2.0.1 - DoS
CVSS 7.5
CVE-2024-57065
HIGH
utile <0.3.0 - DoS
CVSS 7.5
CVE-2024-57064
HIGH
@syncfusion/ej2-spreadsheet <v27.2.2 - DoS
CVSS 7.5
CVE-2024-57063
HIGH
php-date-formatter <1.3.6 - DoS
CVSS 7.5
CVE-2024-56059
CRITICAL
Mighty Digital Partners <0.2.0 - Code Injection
CVSS 9.8
CVE-2024-21548
HIGH
Bun <1.1.30 - Prototype Pollution
CVSS 7.5
CVE-2024-54156
MEDIUM
JetBrains YouTrack <2024.3.52635 - Prototype Pollution
CVSS 4.2
Details
Vulnerabilities
473