Homepage

bodymen@1.0.2 vulnerabilities

Body parser middleware for MongoDB, Express and Nodejs

  • latest version

    1.1.1

  • first published

    9 years ago

  • latest version published

    5 years ago

  • licenses detected

  • View bodymen package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the bodymen package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Prototype Pollution

    bodymen is a Body parser middleware for MongoDB, Express and Nodejs.

    Affected versions of this package are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

    Note: This vulnerability derives from an incomplete fix to CVE-2019-10792

    How to fix Prototype Pollution?

    There is no fixed version for bodymen.

    >=0.0.0
    • M
    Prototype Pollution

    bodymen is a Body parser middleware for MongoDB, Express and Nodejs.

    Affected versions of this package are vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

    PoC by JHU System Security Lab

    var a = require("undefsafe");
var payload = "__proto__.toString";
a({},payload,"JHU");
console.log({}.toString);

    How to fix Prototype Pollution?

    Upgrade bodymen to version 1.1.1 or higher.

    <1.1.1
    Go back to all versions of this package