4 matches found
CVE-2022-41713
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...
@backland/accounts (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0), @backland/entity (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0) +29 more potentially affected by CVE-2022-41713 via deep-object-diff (=1.1.7)
deep-object-diff NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on deep-object-diff and may be impacted: - @backland/accounts =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0,...
CVE-2022-41713 deep-object-diff 1.1.0 - Prototype Pollution
deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-41713
CVE-2022-41713 affects the Node.js library deep-object-diff version 1.1.0, where improper validation of incoming JSON keys allows prototype pollution via the proto property. The available connected documents confirm the root cause as a prototype pollution weakness in deep-object-diff 1.1.0 and re...