Lucene search
GoogleOSV:GHSA-V9P9-535W-4285HistoryFeb 17, 2022 - 12:00 a.m.
Prototype Pollution in litespeed.js and appwrite/server-ce
2022-02-1700:00:32
Google
osv.dev
11
prototype pollution
litespeed.js
appwrite/server-ce
getjsonfromurl
query string
sanitized
vulnerability
EPSS
0.018
Percentile
88.5%
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.
References
github.com/appwrite/appwrite/pull/2778
github.com/appwrite/appwrite/releases/tag/0.11.1
github.com/appwrite/appwrite/releases/tag/0.12.2
github.com/litespeed-js/litespeed.js/pull/18
nvd.nist.gov/vuln/detail/CVE-2021-23682
snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
Related
veracode
veracode
Prototype Pollution
2022-02-17 08:32:05
nvd
nvd
CVE-2021-23682
2022-02-16 17:15:10
gitlab
gitlab
cvelist
cvelist
CVE-2021-23682 Prototype Pollution
2022-02-16 17:05:26
cve
cve
CVE-2021-23682
2022-02-16 17:15:10
prion
prion
Code injection
2022-02-16 17:15:00
github
github
Prototype Pollution in litespeed.js and appwrite/server-ce
2022-02-17 00:00:32
osv
osv
CVE-2021-23682
2022-02-16 17:15:10