Lucene search

GitHub Advisory DatabaseGHSA-W58V-R3CP-QR93

HistoryJul 01, 2024 - 3:32 p.m.

@amoy/common v was discovered to contain a prototype pollution via the function extend

2024-07-0115:32:15

GitHub Advisory Database

github.com

amoyjs

common v1.0.10

vulnerability

prototype pollution

extend function

arbitrary code execution

dos

injection

software

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Affected configurations

Vulners

Node

amoycommonMatch1.0.10

CPENameOperatorVersion
@amoy/commoneq1.0.10

CPE	Name	Operator	Version
	@amoy/common	eq	1.0.10

References

gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03

github.com/advisories/GHSA-w58v-r3cp-qr93

nvd.nist.gov/vuln/detail/CVE-2024-38994

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for GHSA-W58V-R3CP-QR93