Mestrtee

**Name of the Vulnerable Software and Affected Versions** @intlify/message-resolver version 9.1 @intlify/vue-i18n-core versions 9.2 and later **Description** The vulnerability is a Prototype Pollution issue through the entry function: handleFlatJson. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. The consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. **Recommendations** As a temporary workaround, consider disabling the `handleFlatJson` function until a patch is available. Restrict access to the vulnerable module `@intlify/message-resolver` and `@intlify/vue-i18n-core` to minimize the risk of exploitation. Avoid using the ` proto ` property in the affected API endpoint until the issue is resolved. Update `@intlify/message-resolver` and `@intlify/vue-i18n-core` to a version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lukebond json-override version 0.2.0 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via the ` proto ` property. This can be exploited to achieve malicious goals. **Recommendations** For lukebond json-override version 0.2.0, consider disabling access to the ` proto ` property as a temporary workaround until a patch is available. Restrict the use of the json-override module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ais-ltd strategyen version 0.4.0 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties using the `mergeObjects` function. This is a result of prototype pollution. **Recommendations** For version 0.4.0, consider disabling the `mergeObjects` function as a temporary workaround until a patch is available. Restrict access to areas where this function is utilized to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** chargeover redoc version 2.0.9-rc.69 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and have other impacts via the `mergeObjects` function. **Recommendations** For chargeover redoc version 2.0.9-rc.69, consider disabling the `mergeObjects` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** snapstate version 0.0.9 **Description** The issue is related to a prototype pollution vulnerability via the `attemptNestedProperty` function. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. **Recommendations** For version 0.0.9, consider disabling the `attemptNestedProperty` function as a temporary workaround until a patch is available. Restrict the injection of arbitrary properties to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rjrodger jsonic-next version 2.12.1 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties, leveraging a prototype pollution vulnerability in the `empty` function. **Recommendations** For version 2.12.1, consider disabling the `empty` function as a temporary workaround until a patch is available. Restrict the injection of arbitrary properties to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** airvertco frappejs version 0.0.11 **Description** The issue is related to a prototype pollution vulnerability via the `registerView` function. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. **Recommendations** For airvertco frappejs version 0.0.11, consider disabling the `registerView` function as a temporary workaround until a patch is available. Restrict access to the function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** amoyjs amoy common version 1.0.10 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties due to a prototype pollution vulnerability in the `extend` function. **Recommendations** For amoyjs amoy common version 1.0.10, consider disabling the `extend` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** adolph dudu ratio-swiper version 0.0.2 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the `extendDefaults` function. **Recommendations** For adolph dudu ratio-swiper version 0.0.2, consider disabling the `extendDefaults` function as a temporary workaround until a patch is available. Restrict access to the `extendDefaults` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** requirejs version 2.3.6 **Description** The issue is related to a prototype pollution vulnerability via the function `s.contexts. .configure`. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. **Recommendations** For version 2.3.6, consider disabling the `s.contexts. .configure` function as a temporary workaround until a patch is available. Restrict access to the `configure` function within the `s.contexts. ` context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jsonic-next version 2.12.1 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. This is achieved through a prototype pollution vulnerability in the `util.clone` function. **Recommendations** For jsonic-next version 2.12.1, consider disabling the `util.clone` function as a temporary workaround until a patch is available. Restrict the use of this function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 2o3t-utility version 0.1.2 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties using the `extend` function, which is affected by prototype pollution. **Recommendations** For version 0.1.2, consider disabling the `extend` function as a temporary workaround until a patch is available. Restrict the use of this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cahil/utils version 2.3.2 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties using the `set` function. This is a result of prototype pollution in the cahil/utils library. **Recommendations** For version 2.3.2, consider disabling the `set` function as a temporary workaround until a patch is available. Restrict access to the library to minimize the risk of exploitation. Avoid using the library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cafebazaar hod version 0.4.14 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the `request` function. **Recommendations** For cafebazaar hod version 0.4.14, consider disabling the `request` function until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** agreejs shared version 0.0.1 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the `mergeInternalComponents` function. **Recommendations** For agreejs shared version 0.0.1, consider disabling the `mergeInternalComponents` function as a temporary workaround until a patch is available. Restrict access to components that utilize this function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** harvey-woo cat5th/key-serializer version 0.2.5 **Description** The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through the function "query". This is a result of prototype pollution. **Recommendations** For harvey-woo cat5th/key-serializer version 0.2.5, consider disabling the `query` function until a patch is available to prevent exploitation. Restrict access to the `query` function to minimize the risk of arbitrary code execution or Denial of Service (DoS).

**Name of the Vulnerable Software and Affected Versions** robinweser fast-loops version 1.1.3 IBM QRadar Suite (affected versions not specified) IBM Cloud Pak for Security (affected versions not specified) **Description** The issue is related to an uncontrolled modification of object prototype attributes in the robinweser fast-loops utility, which is used in IBM QRadar Suite and IBM Cloud Pak for Security. This allows a remote attacker to execute arbitrary code by sending a specially crafted network message that calls the vulnerable function. The vulnerability is due to a prototype pollution via the `objectMergeDeep` function, which enables attackers to inject arbitrary properties, potentially leading to code execution or a Denial of Service (DoS). **Recommendations** For robinweser fast-loops version 1.1.3, consider disabling the `objectMergeDeep` function until a patch is available. For IBM QRadar Suite, restrict access to the vulnerable module to minimize the risk of exploitation. For IBM Cloud Pak for Security, avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** akbr patch-into version 1.0.1 **Description** The issue is related to a prototype pollution via the function `patchInto()`. This allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties. **Recommendations** For version 1.0.1, consider disabling the `patchInto()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** flatten-json version 1.0.1 **Description** A Prototype Pollution issue allows an attacker to execute arbitrary code via `module.exports.unflattenJSON` in `flatten-json/index.js`. **Recommendations** For flatten-json version 1.0.1, consider disabling the `unflattenJSON` function as a temporary workaround until a patch is available. Restrict access to the `module.exports.unflattenJSON` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cdr0 sg version 1.0.10 **Description** A Prototype Pollution issue allows an attacker to execute arbitrary code. **Recommendations** For version 1.0.10, at the moment, there is no information about a newer version that contains a fix for this issue.