Veracode Vulnerability Database - VERACODE:47858
Jul 02, 2024 - 7:10 a.m.

Prototype Pollution

2024-07-02 07:10:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
ag-grid-enterprise
prototype pollution
vulnerability
_mergedeep
_modulesupport.jsonapply
_util.jsonapply
crafted arguments

CVSS3: 6.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 6.8
Confidence: High

ag-grid-enterprise is vulnerable to Prototype Pollution. The vulnerability is due to the functions _.mergeDeep, _ModuleSupport.jsonApply, _ModuleSupport.setPath, and _Util.jsonApply accepting arguments that include the built-in property __proto__. Attackers can exploit this by passing specially crafted arguments to these functions.
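A defensive pattern for the two kinds of sink named above (deep merge and path setting), as an added example that is not ag-grid's or Veracode's code. The names safeMergeDeep and safeSetPath and the sample input are hypothetical and constructed here; blocking constructor and prototype as well as __proto__ goes beyond the one key the advisory names.

```javascript
// Added example: hypothetical helpers, not ag-grid's implementation.
// Keys that reach the prototype chain when used as a property name.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Deep merge that copies only own, non-blocked keys from source.
function safeMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue; // drop prototype-reaching keys
    const value = source[key];
    if (isPlainObject(value)) {
      // Descend only into an own plain-object property of target.
      const own = hasOwn(target, key) ? target[key] : undefined;
      target[key] = safeMergeDeep(isPlainObject(own) ? own : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Path setter that rejects a blocked segment instead of walking through it.
function safeSetPath(target, path, value) {
  const segments = Array.isArray(path) ? path : String(path).split('.');
  if (segments.some((s) => BLOCKED_KEYS.has(s))) {
    throw new TypeError('refusing path with prototype-reaching segment');
  }
  let node = target;
  for (const seg of segments.slice(0, -1)) {
    if (!hasOwn(node, seg) || !isPlainObject(node[seg])) node[seg] = {};
    node = node[seg];
  }
  node[segments[segments.length - 1]] = value;
  return target;
}

// Constructed input: JSON.parse makes "__proto__" an ordinary own key.
const untrusted = JSON.parse(
  '{"theme":{"dark":true},"__proto__":{"polluted":true}}');

function demo() {
  const merged = safeMergeDeep({ theme: { font: 'a' } }, untrusted);
  let rejected = false;
  try { safeSetPath({}, '__proto__.polluted', true); }
  catch (e) { rejected = e instanceof TypeError; }
  // leaked stays undefined when Object.prototype was not modified.
  return { merged, rejected, leaked: ({}).polluted };
}
```
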
