CVE-2022-25871
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
Summary
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | querymen | 0 < unspecified | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.