Code injection

2024-01-0517:15:00

PRIOn knowledge base

www.prio-n.com

code injection

prototype pollution

qnap os

network crash

version update

nvd

7 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later

CPENameOperatorVersion
qtseq5.1.0.2348 build-20230325
qtseq5.1.0.2418 build-20230603
qtseq5.1.0.2399 build-20230515
qtseq5.1.0.2466 build-20230721
qtseq5.1.1.2491 build-20230815
qtseq5.1.0.2444 build-20230629
qtseq5.1.2.2533 build-20230926
quts_heroeqh5.1.0.2409 build-20230525
quts_heroeqh5.1.1.2488 build-20230812
quts_heroeqh5.1.0.2466 build-20230721

Name	Operator	Version
qts	eq	5.1.0.2348 build-20230325
qts	eq	5.1.0.2418 build-20230603
qts	eq	5.1.0.2399 build-20230515
qts	eq	5.1.0.2466 build-20230721
qts	eq	5.1.1.2491 build-20230815
qts	eq	5.1.0.2444 build-20230629
qts	eq	5.1.2.2533 build-20230926
quts_hero	eq	h5.1.0.2409 build-20230525
quts_hero	eq	h5.1.1.2488 build-20230812
quts_hero	eq	h5.1.0.2466 build-20230721