Описание
Prototype Pollution in mithril
Affected versions of mithrilare vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as __proto__%5BtoString%5D=123 in the query string would change the toString() function to 123.
Recommendation
If you are using mithril 2.x, upgrade to version 2.0.2 or later. If you are using mithril 1.x, upgrade to version 1.1.7 or later.
Пакеты
Наименование
mithril
npm
Затронутые версииВерсия исправления
< 1.1.7
1.1.7
Наименование
mithril
npm
Затронутые версииВерсия исправления
>= 2.0.0, < 2.0.2
2.0.2
Дефекты
CWE-1321
Дефекты
CWE-1321