Vulnerabilities > CVE-2022-25871 - Unspecified vulnerability in Querymen Project Querymen

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

querymen-project

NVD

Published: 2022-06-17

Updated: 2024-11-21

Summary

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).

Vulnerable Configurations

Part	Description	Count
Application	Querymen_Project Querymen Project Querymen *	1

References

https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488
https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488