CVE-2022-25871

Prototype Pollution in querymen in npm/querymen

Identifiers

GHSA-p23c-p8w2-ww5v, CVE-2022-25871

Package Slug

npm/querymen

Vulnerability

Prototype Pollution in querymen

Description

All versions of package querymen is vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600.

Affected Versions

All versions up to 2.1.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-06-21

source