Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by querymen_project

    CVE-2022-25871 (GCVE-0-2022-25871)

    Vulnerability from nvd – Published: 2022-06-17 20:05 – Updated: 2024-09-17 00:05
    VLAI
    Title
    Prototype Pollution
    Summary
    All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).
    CWE
    • Prototype Pollution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a querymen Affected: 0 , < unspecified (custom)
    Date Public
    2022-06-17 00:00
    Credits
    Cristian-Alexandru Staicu Abdullah Alhamdan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:44.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "querymen",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Cristian-Alexandru Staicu"
            },
            {
              "lang": "en",
              "value": "Abdullah Alhamdan"
            }
          ],
          "datePublic": "2022-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 5.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Prototype Pollution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-17T20:05:34.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488"
            }
          ],
          "title": "Prototype Pollution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2022-06-17T20:00:11.188209Z",
              "ID": "CVE-2022-25871",
              "STATE": "PUBLIC",
              "TITLE": "Prototype Pollution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "querymen",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Cristian-Alexandru Staicu"
              },
              {
                "lang": "eng",
                "value": "Abdullah Alhamdan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Prototype Pollution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2022-25871",
        "datePublished": "2022-06-17T20:05:34.384Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:54.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7600 (GCVE-0-2020-7600)

    Vulnerability from nvd – Published: 2020-03-12 22:25 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
    Severity
    No CVSS data available.
    CWE
    • Prototype Pollution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a querymen Affected: All versions prior to 2.1.4
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "querymen",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Prototype Pollution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-12T22:25:43.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "ID": "CVE-2020-7600",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "querymen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Prototype Pollution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef",
                  "refsource": "MISC",
                  "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7600",
        "datePublished": "2020-03-12T22:25:43.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25871 (GCVE-0-2022-25871)

    Vulnerability from cvelistv5 – Published: 2022-06-17 20:05 – Updated: 2024-09-17 00:05
    VLAI
    Title
    Prototype Pollution
    Summary
    All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).
    CWE
    • Prototype Pollution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a querymen Affected: 0 , < unspecified (custom)
    Date Public
    2022-06-17 00:00
    Credits
    Cristian-Alexandru Staicu Abdullah Alhamdan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:49:44.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "querymen",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Cristian-Alexandru Staicu"
            },
            {
              "lang": "en",
              "value": "Abdullah Alhamdan"
            }
          ],
          "datePublic": "2022-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "NOT_DEFINED",
                "reportConfidence": "NOT_DEFINED",
                "scope": "UNCHANGED",
                "temporalScore": 5.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Prototype Pollution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-17T20:05:34.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488"
            }
          ],
          "title": "Prototype Pollution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2022-06-17T20:00:11.188209Z",
              "ID": "CVE-2022-25871",
              "STATE": "PUBLIC",
              "TITLE": "Prototype Pollution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "querymen",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Cristian-Alexandru Staicu"
              },
              {
                "lang": "eng",
                "value": "Abdullah Alhamdan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Prototype Pollution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-2391488"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2022-25871",
        "datePublished": "2022-06-17T20:05:34.384Z",
        "dateReserved": "2022-02-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:54.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7600 (GCVE-0-2020-7600)

    Vulnerability from cvelistv5 – Published: 2020-03-12 22:25 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
    Severity
    No CVSS data available.
    CWE
    • Prototype Pollution
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a querymen Affected: All versions prior to 2.1.4
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "querymen",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Prototype Pollution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-12T22:25:43.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "ID": "CVE-2020-7600",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "querymen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Prototype Pollution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef",
                  "refsource": "MISC",
                  "url": "https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7600",
        "datePublished": "2020-03-12T22:25:43.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }