Security Vulnerabilities
- CVEs Published In September 2020
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function.
All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions.
Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function.
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function.
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function.
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function.
All versions of package arr-flatten-unflatten are vulnerable to Prototype Pollution via the constructor.
Openfind Mail2000 contains a Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.