Advisories for Npm/Bodymen package

2022

Prototype Pollution in bodymen

The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a proto payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792

2021

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

bodymen is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a proto payload.