Lucene search

GitHub Advisory DatabaseGHSA-4XCX-CWRQ-W792

HistoryOct 06, 2023 - 9:30 p.m.

Prototype Pollution in NASA Open MCT

2023-10-0621:30:49

CWE-1321

GitHub Advisory Database

github.com

nasa open mct

prototype pollution

import action

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.4%

JSON

In NASA Open MCT (aka openmct) before commit 545a177 is subject to a prototype pollution which can occur via an import action.

Affected configurations

Vulners

Node

nasaopenmctRange≤3.0.2

CPENameOperatorVersion
openmctle3.0.2

CPE	Name	Operator	Version
	openmct	le	3.0.2

References

github.com/advisories/GHSA-4xcx-cwrq-w792

github.com/nasa/openmct/commit/2243381d527c0d84cc48e9ace78be7cda5363612

github.com/nasa/openmct/compare/v3.0.2...v3.1.0

github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52

nasa.github.io/openmct/

nvd.nist.gov/vuln/detail/CVE-2023-45282

www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for GHSA-4XCX-CWRQ-W792