Vulnerabilities > Improperly Controlled Modification of Dynamically-Determined Object Attributes

DATE CVE VULNERABILITY TITLE RISK
2023-08-24 CVE-2023-32079 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Gravitl Netmaker
Netmaker makes networks with WireGuard.
network
low complexity
gravitl CWE-915
8.8
2021-11-19 CVE-2021-23433 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Algolia Algoliasearch-Helper
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties.
network
algolia CWE-915
6.8
2021-10-18 CVE-2021-23449 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in VM2 Project VM2
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
network
low complexity
vm2-project CWE-915
7.5
2021-08-11 CVE-2021-23421 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Merge-Change Project Merge-Change
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.
network
low complexity
merge-change-project CWE-915
7.5
2021-07-28 CVE-2021-23417 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Deepmergefn Project Deepmergefn
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
network
low complexity
deepmergefn-project CWE-915
7.5
2021-07-07 CVE-2021-25952 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Just-Safe-Set Project Just-Safe-Set
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution.
network
low complexity
just-safe-set-project CWE-915
7.5
2021-07-02 CVE-2021-23403 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Ts-Nodash Project Ts-Nodash
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.
network
low complexity
ts-nodash-project CWE-915
7.5
2021-07-02 CVE-2021-23402 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Record-Like-Deep-Assign Project Record-Like-Deep-Assign
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.
network
low complexity
record-like-deep-assign-project CWE-915
7.5
2021-06-10 CVE-2021-25948 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Expand-Hash Project Expand-Hash
Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
network
low complexity
expand-hash-project CWE-915
7.5
2021-06-10 CVE-2021-25949 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Set-Getter Project Set-Getter 0.1.0
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
network
low complexity
set-getter-project CWE-915
7.5