CVEs-PoC/2020/CVE-2020-7600.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 15:15:46 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.

POC

Reference

https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867

Github

https://github.com/Live-Hack-CVE/CVE-2020-7600

730 B Raw Blame History

CVE-2020-7600

Description

POC

Reference

Github

730 B

Raw Blame History