Lucene search

GitHub Advisory DatabaseGHSA-FM93-FHH2-CG2C

HistoryJan 27, 2022 - 2:21 p.m.

Prototype Pollution in min-dash

2022-01-2714:21:53

CWE-1321

GitHub Advisory Database

github.com

min-dash

version 3.8.1

prototype pollution

set method

key types

vulnerability

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.2%

JSON

The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.

Affected configurations

Vulners

Node

camundamin-dashRange<3.8.1

VendorProductVersionCPE
camundamin-dash*cpe:2.3:a:camunda:min-dash:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
camunda	min-dash	*	cpe:2.3:a:camunda:min-dash::::::::

References

github.com/advisories/GHSA-fm93-fhh2-cg2c

github.com/bpmn-io/min-dash/blob/c4d579c0eb2ed0739592111c3906b198921d3f52/lib/object.js%23L32

github.com/bpmn-io/min-dash/pull/21

github.com/bpmn-io/min-dash/pull/21/commits/5ab05cbc4fd8d5eafb7db540c491ed0906b9d320

nvd.nist.gov/vuln/detail/CVE-2021-23460

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2342127

snyk.io/vuln/SNYK-JS-MINDASH-2340605

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.2%

JSON

Related for GHSA-FM93-FHH2-CG2C