Описание
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., proto) can be copied during a merge or clone operation.
A flaw was found in mquery that allows a prototype pollution attack. This flaw allows an attacker to alter the code behavior by modifying the object prototype. A flaw in the lib/utils.js function allows cloning and merging objects without sanitizing their special properties, such as prototype defining "proto". The highest threat from this vulnerability is to integrity.
Отчет
The affected version of mquery is a dependency of the mongoose library. The exploitation of this vulnerability requires authenticated access, consequently, the CVSSv3 score for RHACM is lower than the score of the flaw.
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.
EPSS
5.3 Medium
CVSS3