Lucene search

GitHub Advisory DatabaseGHSA-GC7M-596H-X57R

HistoryJul 01, 2024 - 3:32 p.m.

frappejs was discovered to contain a prototype pollution via the function registerView

2024-07-0115:32:11

CWE-1321

GitHub Advisory Database

github.com

frappejs

v0.0.11

prototype pollution

vulnerability

arbitrary code

dos

injection

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Affected configurations

Vulners

Node

airvertcofrappejsMatch0.0.11

CPENameOperatorVersion
@airvertco/frappejseq0.0.11

CPE	Name	Operator	Version
	@airvertco/frappejs	eq	0.0.11

References

gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055

github.com/advisories/GHSA-gc7m-596h-x57r

nvd.nist.gov/vuln/detail/CVE-2024-38992

www.npmjs.com/package/@airvertco/frappejs

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for GHSA-GC7M-596H-X57R