Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-JX5Q-G37M-H5HJ
HistoryJan 06, 2022 - 6:29 p.m.

Client-Side JavaScript Prototype Pollution in oro/platform

2022-01-0618:29:51
Google
osv.dev
11
client-side
javascript
prototype pollution
oro/platform
injection
code execution
workarounds
waf
request filtering

EPSS

0.002

Percentile

65.1%

JSON

Summary

By sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution.

Workarounds

Configure WAF to drop requests containing next strings: __proto__ , constructor[prototype], constructor.prototype

Related

cvelist 1
nvd 1
veracode 1
github 1
prion 1
cve 1
osv 1
cvelist
cvelist
CVE-2021-43852 JavaScript Prototype Pollution in oro/platform
2022-01-04 19:40:10
nvd
nvd
CVE-2021-43852
2022-01-04 20:15:07
veracode
veracode
Prototype Pollution
2022-01-06 07:58:50
github
github
Client-Side JavaScript Prototype Pollution in oro/platform
2022-01-06 18:29:51
prion
prion
Code injection
2022-01-04 20:15:00
cve
cve
CVE-2021-43852
2022-01-04 20:15:07
osv
osv
CVE-2021-43852
2022-01-04 20:15:07

EPSS

0.002

Percentile

65.1%

JSON
Related for OSV:GHSA-JX5Q-G37M-H5HJ
cvelist1nvd1veracode1github1prion1cve1osv1