3 matches found
CVE-2022-42743
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-42743 deep-parse-json 1.0.2 - Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
CVE-2022-42743
CVE-2022-42743 affects the deep-parse-json library, version 1.0.2. The root cause is improper validation of incoming JSON keys, allowing the proto property to be edited, enabling prototype pollution where an external attacker can edit/add object properties. Impact stated across sources: remote ma...