Lucene search
GoogleOSV:GHSA-4X6V-RWH4-55JWHistoryDec 02, 2019 - 6:16 p.m.
Pomelo allows external control of critical state data
2019-12-0218:16:34
Google
osv.dev
6
0.001 Low
EPSS
Percentile
45.8%
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.
Related
cve
cve
CVE-2019-18954
2019-11-14 00:15:11
nvd
nvd
CVE-2019-18954
2019-11-14 00:15:11
github
github
Pomelo allows external control of critical state data
2019-12-02 18:16:34
veracode
veracode
Prototype Pollution
2019-11-11 05:56:35
cvelist
cvelist
CVE-2019-18954
2019-11-13 23:39:46
githubexploit
githubexploit
Exploit for Exposure of Resource to Wrong Sphere in Netease Pomelo
2020-12-01 09:18:58
prion
prion
Xxe
2019-11-14 00:15:00
osv
osv
CVE-2019-18954
2019-11-14 00:15:11