Source: gitlab (https://gitlab.com/gitlab-org/security-products/gemnasium-db)
ID: GITLAB-C82F95499C2F3D48630E87C1E9808600
Feb 16, 2022 - 12:00 a.m.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

EPSS: 0.015 (percentile: 86.9%)

This affects the package litespeed.js before 0.3.12, and the package appwrite/server-ce from 0.12.0 and before 0.12.2, and before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized, leading to a Prototype Pollution vulnerability.
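The class of fix this advisory calls for, as an added example that is not the litespeed.js or Appwrite code: a query-string parser that sanitizes keys before writing them into the result object. The function name `parseQuerySafe`, the bracket syntax for nested keys and the sample query are assumptions made for illustration.

```javascript
// Added illustration: parseQuerySafe and the bracket key syntax are assumptions,
// not the litespeed.js getJsonFromUrl implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function decode(part) {
  return decodeURIComponent(part.replace(/\+/g, ' '));
}

// "a[b][c]" -> ['a', 'b', 'c']
function keyPath(rawKey) {
  return rawKey.split(/[\[\]]+/).filter((seg) => seg !== '');
}

function parseQuerySafe(query) {
  const result = Object.create(null); // no prototype chain behind the result
  const rejected = [];
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    // Decode first so percent-encoded forms of a blocked key are caught too.
    const rawKey = decode(eq === -1 ? pair : pair.slice(0, eq));
    const value = eq === -1 ? '' : decode(pair.slice(eq + 1));
    const path = keyPath(rawKey);
    if (path.length === 0 || path.some((seg) => BLOCKED_KEYS.has(seg))) {
      rejected.push(rawKey); // keep for logging or alerting
      continue;
    }
    let node = result;
    for (const seg of path.slice(0, -1)) {
      if (typeof node[seg] !== 'object' || node[seg] === null) {
        node[seg] = Object.create(null); // nested containers are prototype-free too
      }
      node = node[seg];
    }
    node[path[path.length - 1]] = value;
  }
  return { params: result, rejected };
}

// Constructed sample input: two ordinary parameters and one polluting key.
const SAMPLE = '?page=2&filter[status]=open&__proto__[polluted]=yes';
const parsed = parseQuerySafe(SAMPLE);
console.log(parsed.params.page, parsed.params.filter.status, parsed.rejected);
```

The `rejected` list gives a detection hook: a request whose query string contains one of the blocked key segments is worth logging even after the parser has dropped it.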
