Описание
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | ||
| OpenShift Developer Tools and Services | odo | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Will not fix | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Will not fix | ||
| OpenShift Service Mesh 2.0 | openshift-service-mesh/kiali-rhel8 | Will not fix | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Will not fix | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtai ...
Уязвимость функции mapValues() служебного модуля Async для работы с асинхронным JavaScript, позволяющая нарушителю повысить свои привилегии
7.8 High
CVSS3