Description
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized, leading to a Prototype Pollution vulnerability.
References
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Release Notes, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: version before 0.11.1 (excluding); version from 0.12.0 (including) up to 0.12.2 (excluding)
One of
cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*
cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*
Configuration 2: version before 0.3.12 (excluding)
cpe:2.3:a:litespeed.js_project:litespeed.js:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 90%
0.05384
Low
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-1321
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
Prototype Pollution in litespeed.js and appwrite/server-ce