CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Querymen Project: >> Querymen >> 2.1.4 Security Vulnerabilities

CVE-2022-25871

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).

CVSS Score

5.9

EPSS Score

0.003

Published

2022-06-17

Page 1

Vulnerabilities

Vulnerable Software

Querymen Project: >> Querymen >> 2.1.4 Security Vulnerabilities

Products

Pricing

Contact Us