Lucene search
GoogleOSV:CVE-2021-43852HistoryJan 04, 2022 - 8:15 p.m.
CVE-2021-43852
2022-01-0420:15:07
Google
osv.dev
6
oroplatform
javascript
injection
prototype pollution
cve-2021-43852
security patch
firewall
mitigation
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: __proto__ , constructor[prototype], and constructor.prototype to mitigate this issue.
Related
cvelist
cvelist
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform
2022-01-04 19:40:10
nvd
nvd
CVE-2021-43852
2022-01-04 20:15:07
osv
osv
Client-Side JavaScript Prototype Pollution in oro/platform
2022-01-06 18:29:51
prion
prion
Code injection
2022-01-04 20:15:00
veracode
veracode
Prototype Pollution
2022-01-06 07:58:50
github
github
Client-Side JavaScript Prototype Pollution in oro/platform
2022-01-06 18:29:51
cve
cve
CVE-2021-43852
2022-01-04 20:15:07