GHSA-p23c-p8w2-ww5v

Source

https://github.com/advisories/GHSA-p23c-p8w2-ww5v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-p23c-p8w2-ww5v/GHSA-p23c-p8w2-ww5v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p23c-p8w2-ww5v

Aliases

CVE-2022-25871

Published

2022-06-18T00:00:19Z

Modified

2026-03-13T22:11:45.988516Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Prototype Pollution in querymen

Details

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-20T22:27:37Z",
    "cwe_ids": [
        "CWE-1321"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2022-06-17T20:15:00Z"
}

References

Affected packages

npm / querymen

Package

Name: querymen; View open source insights on deps.dev
Purl: pkg:npm/querymen

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.1.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-p23c-p8w2-ww5v/GHSA-p23c-p8w2-ww5v.json"