Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-36618: fix(vulnerability): Prototype Pollution Vulnerability (#105) · FurqanSoftware/node-whois@46ccc2a

A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.

CVE
Open in Source
#vulnerability#git#perl

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

  • Pricing

  • Notifications

  • Fork 64

  • Code

  • Issues 15

  • Pull requests 1

  • Actions

  • Projects

  • Wiki

  • Security

  • Insights

Permalink

Browse files

fix(vulnerability): Prototype Pollution Vulnerability (#105)

* fix: prevent prototype injection/derivatives bugs

* fix: indent

* fix: indent

  • Loading branch information

1 parent daa2d86 commit 46ccc2aee8d063c7b6b4dee2c2834113b7286076

Showing 1 changed file with 4 additions and 0 deletions.

@@ -14,6 +14,10 @@ cleanParsingErrors = (string) =>

if typeof done is ‘undefined’ and typeof options is ‘function’

done = options

options = {}

if addr == ‘__proto__’

done new Error ‘lookup: __proto__ is not allowed to lookup’

return

_.defaults options,

follow: 2

0 comments on commit 46ccc2a

Please sign in to comment.

Related news

GHSA-97jv-c342-5xhc: FurqanSoftware/node-whois vulnerable to Prototype Pollution

A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE