Description
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
A prototype pollution vulnerability was found in ‘set-getter’. This issue allows an attacker to cause a denial of service and may also lead to remote code execution.
Report
In the logging subsystem for Red Hat OpenShift, the vulnerable set-getter nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
Additional information
Status:
Important
Defect:
CWE-1321
https://bugzilla.redhat.com/show_bug.cgi?id=1974701 set-getter: prototype pollution in 'set-getter' may lead to DoS
9.8 Critical
CVSS3
Related vulnerabilities
CVSS3: 9.8
nvd
more than 4 years ago
Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
9.8 Critical
CVSS3