msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 before versions 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "proto ", it assigns the decoded value to proto . Object.prototype.proto is an access...
8.8CVSS
8.7AI Score
0.009EPSS