Lucene search
Veracode Vulnerability DatabaseVERACODE:37701HistoryOct 27, 2022 - 5:34 a.m.
Prototype Pollution
2022-10-2705:34:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
wintercms
winter
prototype pollution
snowboard class
plugin loader
object properties
EPSS
0.005
Percentile
75.5%
wintercms/winter is vulnerable to prototype pollution. The vulnerability exists in the main Snowboard class as well as its plugin loader where an attacker can control the default values of an object’s properties. This allows the attacker to tamper with the logic of the application.
References
github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1
github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f
github.com/wintercms/winter/pull/687
github.com/wintercms/winter/releases/tag/v1.1.10
github.com/wintercms/winter/releases/tag/v1.2.1
github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q
Related
prion
prion
Use after free
2022-10-26 15:15:00
github
github
Prototype pollution in Snowboard framework
2022-10-27 18:36:42
osv
osv
CVE-2022-39357
2022-10-26 15:15:20
Prototype pollution in Snowboard framework
2022-10-27 18:36:42
nvd
nvd
CVE-2022-39357
2022-10-26 15:15:20
cve
cve
CVE-2022-39357
2022-10-26 15:15:20
cvelist
cvelist