Описание
node-opcua-alarm-condition prototype pollution vulnerability
A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-57086
- https://github.com/node-opcua/node-opcua/issues/1433#issuecomment-2791824350
- https://gist.github.com/tariqhawis/30acc3632cf595ca5825b7ec2b2f795a
- https://github.com/node-opcua/node-opcua/blob/330db56bb62bce9fff80382daee1fac94311978d/packages/node-opcua-alarm-condition/test/test_cve_polution_attack.ts
Пакеты
Наименование
node-opcua-alarm-condition
npm
Затронутые версииВерсия исправления
< 2.137.0
2.137.0
Связанные уязвимости
CVSS3: 7.5
nvd
около 1 года назад
A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.