CVE-2022-41714

Source
https://cve.org/CVERecord?id=CVE-2022-41714
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41714.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41714
Aliases
Published
2022-11-03T00:00:00Z
Modified
2026-07-15T01:48:56.123828213Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
fastest-json-copy 1.0.1 - Prototype Pollution
Details

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited.

Database specific
{
    "cna_assigner": "Fluid Attacks",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41714.json"
}
References

Affected packages

Git / github.com/streamich/fastest-json-copy

Affected ranges

Type
GIT
Repo
https://github.com/streamich/fastest-json-copy
Events
Database specific
{
    "cpe": "cpe:2.3:a:fastest-json-copy_project:fastest-json-copy:1.0.1:*:*:*:*:node.js:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "1.0.1"
        },
        {
            "last_affected": "1.0.1"
        }
    ]
}

Affected versions

1.*
1.0.1
v1.*
v1.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41714.json"