GHSA-799q-f2px-wx8c

Опубликовано: 28 мар. 2025

Источник: github

Github: Прошло ревью

CVSS4: 8.9

Описание

Duplicate Advisory: @alizeait/unflatto Prototype Pollution via exports.unflatto Method

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-q8jq-4rm5-4hm5. This link is maintained to preserve external references.

Original Description

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-38988
https://github.com/alizeait/unflatto/issues/32
https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713

Пакеты

Наименование

@alizeait/unflatto

npm

Затронутые версииВерсия исправления

<= 1.0.2

Отсутствует

8.9 High

CVSS4

Дефекты

CWE-1321

8.9 High

CVSS4

Дефекты

CWE-1321