Description
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
A flaw was found in immer when it manipulates object attributes such as `__proto__`, `constructor` and `prototype`. An attacker can manipulate these values by overwriting and polluting them. Those attributes would be inherited by JavaScript objects, which could trigger exception handlers and lead to a denial of service attack.
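The pattern the description refers to, as an added illustration that is not immer's code and not part of the original advisory: a deep merge that refuses the three keys named above, and a check for whether `Object.prototype` has gained any property. All inputs are constructed; the function and variable names are hypothetical.

```javascript
// Added illustration, not immer's code: a deep merge that refuses the keys an
// attacker uses to reach the prototype chain, plus a check that
// Object.prototype has not been altered. All inputs below are constructed.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Recursively copies `source` into `target`, skipping keys that would modify
// the prototype chain. Only own enumerable keys are visited (Object.keys), so
// properties inherited from an already polluted prototype are never copied.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      // Only descend into an *own* plain object; never into an inherited one.
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Built-in Object.prototype members are non-enumerable, so any enumerable own
// key found here was added at runtime: a non-empty list means pollution.
function pollutedPrototypeKeys() {
  return Object.keys(Object.prototype);
}

// Constructed payload of the kind the advisory describes. JSON.parse yields an
// *own* property literally named "__proto__", which an unguarded recursive
// merge would later write through into the prototype chain.
const payload = JSON.parse('{"__proto__":{"polluted":true},"name":"a"}');
const merged = safeMerge({}, payload);
// merged is {name: "a"}; ({}).polluted stays undefined and
// pollutedPrototypeKeys() returns [].
```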
Statement
In OpenShift Container Platform (OCP) and OpenShift Migration Toolkit for Containers (MTC), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-immer library to authenticated users only, therefore the impact is Low.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-grafana | Out of support scope | | |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Out of support scope | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kui-web-terminal-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-ui-rhel8 | Affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prometheus | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-thanos-rhel8 | Fix deferred | | |
Additional information
CVSS3: 7.5 High