CVE-2022-25871

MEDIUM

querymen - Prototype Pollution via Unsanitized Handler Function Parameters


Description

All versions of package `querymen` are vulnerable to Prototype Pollution if the parameters of exported function `handler(type, name, fn)` can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488

Scores

CVSS v3 5.9
EPSS 0.0107
EPSS Percentile 60.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-1321
Status published
Products (2)
npm/querymen 0npm
querymen_project/querymen
Published Jun 17, 2022
Tracked Since Feb 18, 2026