Lucene search
HistoryJun 30, 2023 - 5:15 a.m.
CVE-2023-26135
cve-2023-26135
prototype pollution
nest() function
flatnest/nest.js file
security vulnerability
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0.003
Percentile
70.3%
All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file.
Affected configurations
Node
flatnest_projectflatnestnode.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| flatnest_project | flatnest | * | cpe:2.3:a:flatnest_project:flatnest:*:*:*:*:*:node.js:*:* |
Related
veracode
veracode
Prototype Pollution
2023-07-10 06:02:28
prion
prion
Design/Logic Flaw
2023-06-30 05:15:00
cvelist
cvelist
CVE-2023-26135
2023-06-30 05:00:01
cve
cve
CVE-2023-26135
2023-06-30 05:15:09
osv
osv
flatnest Prototype Pollution vulnerability
2023-06-30 06:30:14
CVE-2023-26135
2023-06-30 05:15:09
github
github
flatnest Prototype Pollution vulnerability
2023-06-30 06:30:14
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0.003
Percentile
70.3%
Related for NVD:CVE-2023-26135