exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2022-37616

больше 3 лет назад

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."

CVSS3: 9.8

EPSS: Низкий

CVE-2022-37616

больше 3 лет назад

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."

CVSS3: 9.8

EPSS: Низкий

CVE-2022-37616

больше 1 года назад

CVSS3: 9.8

EPSS: Низкий

CVE-2022-37616

больше 3 лет назад

A prototype pollution vulnerability exists in the function copy in dom ...

CVSS3: 9.8

EPSS: Низкий

GHSA-9pgh-qqpf-7wqj

больше 3 лет назад

Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."	CVSS3: 9.8	1% Низкий	больше 3 лет назад
CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."	CVSS3: 9.8	1% Низкий	больше 3 лет назад
CVE-2022-37616	CVSS3: 9.8	1% Низкий	больше 1 года назад
CVE-2022-37616 A prototype pollution vulnerability exists in the function copy in dom ...	CVSS3: 9.8	1% Низкий	больше 3 лет назад
GHSA-9pgh-qqpf-7wqj Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom	CVSS3: 9.8	1% Низкий	больше 3 лет назад

Уязвимостей на страницу