It was discovered that the JSON5 parse method incorrectly handled the parsing
of keys named proto. An attacker could possibly use this issue to pollute
the prototype of the returned object, setting arbitrary or unexpected keys, and
cause a denial of service, allow unintended access to network services or have
other unspecified impact, depending on the application’s use of the module.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | node-json5 | < 2.2.0+dfsg-1ubuntu0.1~esm1 | UNKNOWN |
Ubuntu | 22.04 | noarch | node-json5 | < 2.2.0+dfsg-1 | UNKNOWN |
Ubuntu | 20.04 | noarch | node-json5 | < 0.5.1-3ubuntu0.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | node-json5 | < 0.5.1-1ubuntu0.1~esm1 | UNKNOWN |
Ubuntu | 18.04 | noarch | node-json5 | < 0.5.1-1 | UNKNOWN |