Mongoose Prototype Pollution vulnerability
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.
299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.
Impact The SQL injection exploit is related to replacements. Here is such an example: In the following query, some parameters are passed through replacements, and some are passed directly through the where option. ``typescript User.findAll({ where: or( literal('soundex("firstName") = soundex(:firstName)'), { lastName: lastName }, ), replacements: { firstName }, }) `` This is a very legitimate use case, but this query was vulnerable to SQL injection due to how Sequelize
Impact Providing an invalid value to the where option of a query caused Sequelize to ignore that option instead of throwing an error. A finder call like the following did not throw an error: ``ts User.findAll({ where: new Date(), }); ` As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option. Patches This issue has been patched in sequelize@6.28.1` &
Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ``ts User.findAll({ attributes: [ ['count(id)', 'count'] ] }); ` Produced `sql SELECT count(id) AS "count" FROM "users" ` Patches This feature was deprecated in Sequelize 5, and using it prints a deprecation warning. This issue has been patched in [@sequelize/core@7.0.0.alpha-20`](https://github.com/sequelize
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path() function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path() function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack. Proof of Concept ```js // poc.js const mongoose = require('mongoose'); const schema =
Overview Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. Am I affected? You are affected if you are using an algorithm and a key type other than the combinations mentioned below | Key type | algorithm | |----------|------------------------------------------| | ec | ES256, ES384, ES512
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.
FastAPI <0.65.2 accepted JSON from text/plain requests enabling CSRF attacks without preflight.
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Showing 81–91 of 91 threats