GHSA-653v-rqx9-j85p

Опубликовано: 04 нояб. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

deep-object-diff vulnerable to Prototype Pollution

deep-object-diff before version 1.1.6 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. This issue was fixed in version 1.1.9.

Ссылки

Пакеты

Наименование

deep-object-diff

npm

Затронутые версииВерсия исправления

>= 1.1.6, < 1.1.9

1.1.9

EPSS

Процентиль: 30%

0.00111

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2022-41713

Дефекты

CWE-1321

Связанные уязвимости

CVE-2022-41713

CVSS3: 5.3

nvd

больше 3 лет назад

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.

EPSS

Процентиль: 30%

0.00111

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2022-41713

Дефекты

CWE-1321