Lucene search

K
githubGitHub Advisory DatabaseGHSA-3Q56-9CC2-46J4
HistoryJul 01, 2024 - 3:32 p.m.

robinweser fast-loops vulnerable to prototype pollution

2024-07-0115:32:22
CWE-1321
GitHub Advisory Database
github.com
45
robinweser fast-loops
prototype pollution
security vulnerability
arbitrary code execution
denial of service
software

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Affected configurations

Vulners
Node
fastloopsRange<1.1.4
VendorProductVersionCPE
fastloops*cpe:2.3:a:fast:loops:*:*:*:*:*:*:*:*

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High