Veracode Vulnerability Database: VERACODE:47850
History: Jul 02, 2024 - 6:17 a.m.

Prototype Pollution

2024-07-02 06:17:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
vulnerability
@amoy/common
prototype pollution
exploited functions
crafted arguments
proto property
object behavior

CVSS3: 7.3 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 6.7 Medium
Confidence: High

@amoy/common is vulnerable to Prototype Pollution. The vulnerability is due to functions such as extend and setValue, which can be exploited by passing crafted arguments that contain a __proto__ property. This allows attackers to alter the behavior of all objects that inherit from the affected prototype.
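
The mitigation for this class of bug, as an added example (this is not @amoy/common's code; safeExtend, safeSetValue and BLOCKED_KEYS are hypothetical names and the input is constructed): a recursive merge and a path-based setter that refuse any key that reaches a prototype and only descend into a target's own properties.

```javascript
// Added example: NOT @amoy/common's source. All names here are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

function hasOwnObject(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key) && isPlainObject(obj[key]);
}

// Recursive merge that never follows or assigns a prototype-reaching key.
function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue; // drop __proto__ / constructor / prototype
    const value = source[key];
    if (isPlainObject(value)) {
      // Recurse only into own properties, so an inherited object is never mutated.
      if (!hasOwnObject(target, key)) target[key] = {};
      safeExtend(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Path-based setter ("a.b.c" or ['a','b','c']) that rejects blocked segments.
function safeSetValue(obj, path, value) {
  const parts = (Array.isArray(path) ? path : String(path).split('.')).map(String);
  if (parts.some((p) => BLOCKED_KEYS.has(p))) {
    throw new TypeError('path segment reaches a prototype: ' + parts.join('.'));
  }
  let node = obj;
  for (const part of parts.slice(0, -1)) {
    if (!hasOwnObject(node, part)) node[part] = {};
    node = node[part];
  }
  node[parts[parts.length - 1]] = value;
  return obj;
}

// Constructed input: JSON.parse turns "__proto__" into an own, enumerable key,
// which is how such a key survives into a merge of untrusted data.
const crafted = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":"yes"}}');
const merged = safeExtend({ theme: { size: 12 } }, crafted);
```

Where the data shape allows it, building targets with Object.create(null) or freezing Object.prototype at startup adds a second layer behind the key check.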

CPE
Name: @amoy/common, Operator: le, Version: 1.0.10
