Lucene search

GitHub Advisory DatabaseGHSA-89QM-HM2X-MXM3

HistoryJun 12, 2023 - 6:30 a.m.

progressbar.js vulnerable to Prototype Pollution

2023-06-1206:30:17

CWE-1321

GitHub Advisory Database

github.com

vulnerability

progressbar.js

extend function

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

54.7%

JSON

All versions of the package progressbar.js prior to 1.1.1 are vulnerable to Prototype Pollution via the function extend() in the file utils.js.

Affected configurations

Vulners

Node

progressbar.js_projectprogressbar.jsRange<1.1.1node.js

CPENameOperatorVersion
progressbar.jslt1.1.1

CPE	Name	Operator	Version
	progressbar.js	lt	1.1.1

References

github.com/advisories/GHSA-89qm-hm2x-mxm3

github.com/kimmobrunfeldt/progressbar.js/blob/74536b9eeeaaf51144706d918ed5a0a679631d96/src/utils.js#L18

github.com/kimmobrunfeldt/progressbar.js/blob/74536b9eeeaaf51144706d918ed5a0a679631d96/src/utils.js#L20

github.com/kimmobrunfeldt/progressbar.js/commit/97fe68ef4beccfe84b7cba08ea1fc695e38cc04b

nvd.nist.gov/vuln/detail/CVE-2023-26133

security.snyk.io/vuln/SNYK-JS-PROGRESSBARJS-3184152

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for GHSA-89QM-HM2X-MXM3