Lucene search

GitHub Advisory DatabaseGHSA-3HVJ-2783-34X2

HistoryMay 16, 2024 - 6:30 p.m.

njwt Prototype Pollution vulnerability

2024-05-1618:30:31

CWE-1321

GitHub Advisory Database

github.com

njwt v0.4.0

prototype pollution

parser.prototype.parse

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

JSON

njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.

Affected configurations

Vulners

Node

njwtRange<2.0.1

VendorProductVersionCPE
*njwt*cpe:2.3:a:*:njwt:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	njwt	*	cpe:2.3:a::njwt::::::::*

References

github.com/advisories/GHSA-3hvj-2783-34x2

github.com/chrisandoryan/vuln-advisory/blob/main/nJwt/CVE-2024-34273.md

github.com/jwtk/njwt/commit/ec9483b6eec1150d56f772ddd308c2bbdf2f98f4

github.com/jwtk/njwt/issues/105

nvd.nist.gov/vuln/detail/CVE-2024-34273

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

JSON

Related for GHSA-3HVJ-2783-34X2