Lucene search

GoogleOSV:GHSA-QJ86-V6M7-4QV2

HistoryJun 17, 2024 - 6:31 p.m.

Object Resolver Prototype Pollution

2024-06-1718:31:33

Google

osv.dev

apphp

js-object-resolver

vulnerability

prototype pollution

module.setnestedproperty

software

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

CPENameOperatorVersion
@apphp/object-resolverlt3.1.1

CPE	Name	Operator	Version
	@apphp/object-resolver	lt	3.1.1

References

gist.github.com/mestrtee/c90189f3d8480a5f267395ec40701373

github.com/apphp/js-object-resolver

github.com/apphp/js-object-resolver/commit/7e347a26bf04d6a4f7525f6605666afbb218afca

nvd.nist.gov/vuln/detail/CVE-2024-36577