Опубликовано: 01 июл. 2024
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 6.3
Описание
@aofl/cli-lib Prototype Pollution vulnerability
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Пакеты
Наименование
@aofl/cli-lib
npm
Затронутые версииВерсия исправления
<= 4.0.0-alpha.45
Отсутствует
Связанные уязвимости
CVSS3: 6.3
nvd
больше 1 года назад
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.