CVE-2022-41713

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41713

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41713.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41713

Aliases

GHSA-653v-rqx9-j85p

Published

2022-11-03T20:15:31Z

Modified

2025-07-29T10:41:25.954191Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited.

References

Affected packages

Git / github.com/mattphillips/deep-object-diff

Affected ranges

Type: GIT
Repo: https://github.com/mattphillips/deep-object-diff
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

35986511dc2cdb8b87b65e92a331144aae252ea9

Affected versions

v0.*

v0.0.2

v0.0.3

v0.0.4

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.0