osv | Google | OSV:CVE-2021-41097
Sep 27, 2021 - 6:15 p.m.

CVE-2021-41097

2021-09-27 18:15:08
Google
osv.dev
aurelia platform
prototype pollution
vulnerability
aurelia-path
version 1.1.7
path manipulation

AI Score: 6.7 (Confidence: High)

EPSS: 0.002 (Percentile: 61.3%)

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of these will be Aurelia applications that employ the aurelia-router package. For example, this could allow an attacker to change the prototype of the base object class Object by tricking an application into parsing the following URL: https://aurelia.io/blog/?__proto__[asdf]=asdf. The problem is patched in version 1.1.7.
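
The class of bug described above, shown as an added example that is not aurelia-path's code: a constructed bracket-notation query parser in a weak form and a hardened form. The names parse, parseNaive, parseSafe, keyPath and FORBIDDEN are hypothetical.

```javascript
// Added illustration: a constructed bracket-notation query parser,
// not aurelia-path's source. All names here are hypothetical.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// "filter[tag]" -> ["filter", "tag"]
function keyPath(rawKey) {
  return rawKey.split(/[\[\]]+/).filter(Boolean);
}

// Walks the key path and assigns the value at its end. makeNode creates
// the container objects; accept decides whether a key path may be used.
function parse(query, makeNode, accept) {
  const result = makeNode();
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const path = keyPath(rawKey);
    if (path.length === 0 || !accept(path)) continue;
    let node = result;
    for (const segment of path.slice(0, -1)) {
      if (typeof node[segment] !== 'object' || node[segment] === null) {
        node[segment] = makeNode();
      }
      node = node[segment];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Weak form: ordinary objects and no key filtering. The segment "__proto__"
// resolves to Object.prototype, so the final write lands on every object.
function parseNaive(query) {
  return parse(query, () => ({}), () => true);
}

// Hardened form: prototype-less containers plus a key denylist, so a
// "__proto__" segment is dropped and could only ever be an own property.
function parseSafe(query) {
  return parse(query, () => Object.create(null),
    (path) => !path.some((segment) => FORBIDDEN.has(segment)));
}
```

Upgrading to aurelia-path 1.1.7 or later is the fix the advisory gives; the hardened form only shows the general defence for code that merges untrusted keys into objects.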
