Lucene search
Veracode Vulnerability DatabaseVERACODE:34265HistoryFeb 17, 2022 - 8:32 a.m.
Prototype Pollution
2022-02-1708:32:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
litespeed.js
vulnerability
sanitization
state.js
prototype pollution
attacker
injection
construct prototypes
attributes
EPSS
0.018
Percentile
88.5%
litespeed.js is vulnerable to prototype pollution. The vulnerability exists due to a lack of sanitization for the key value in the state.js file which allows an attacker to inject properties into existing construct prototypes and modify attributes.
References
github.com/advisories/GHSA-v9p9-535w-4285
github.com/appwrite/appwrite/pull/2778
github.com/appwrite/appwrite/releases/tag/0.11.1
github.com/appwrite/appwrite/releases/tag/0.12.2
github.com/litespeed-js/litespeed.js/commit/7454938a115316ae2be69e4d01d734b08153379b
github.com/litespeed-js/litespeed.js/pull/18
Related
nvd
nvd
CVE-2021-23682
2022-02-16 17:15:10
gitlab
gitlab
cvelist
cvelist
CVE-2021-23682 Prototype Pollution
2022-02-16 17:05:26
cve
cve
CVE-2021-23682
2022-02-16 17:15:10
prion
prion
Code injection
2022-02-16 17:15:00
github
github
Prototype Pollution in litespeed.js and appwrite/server-ce
2022-02-17 00:00:32
osv
osv
Prototype Pollution in litespeed.js and appwrite/server-ce
2022-02-17 00:00:32
CVE-2021-23682
2022-02-16 17:15:10