Описание
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
A flaw was found in the object-path nodejs library when the del() function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of service attack (DoS).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh-prometheus | Out of support scope | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-api-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/mcm-topology-api-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | rhacm2/grc-ui-api-rhel8 | Fixed | RHSA-2021:3925 | 20.10.2021 |
| Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | rhacm2/search-api-rhel8 | Fixed | RHSA-2021:3925 | 20.10.2021 |
| Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | rhacm2/search-ui-rhel8 | Fixed | RHSA-2021:3925 | 20.10.2021 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
object-path is vulnerable to Improperly Controlled Modification of Obj ...
7.5 High
CVSS3