GHSA-p5g9-rjcf-95vj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p5g9-rjcf-95vj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-p5g9-rjcf-95vj/GHSA-p5g9-rjcf-95vj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p5g9-rjcf-95vj
- Aliases
- Published
- 2022-11-04T12:00:25Z
- Modified
- 2023-11-08T04:10:31.986374Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- fastest-json-copy vulnerable to Prototype Pollution
- Details
-
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the
__proto__property to be edited. - Database specific
{ "github_reviewed_at": "2022-11-08T14:49:19Z", "severity": "MODERATE", "cwe_ids": [ "CWE-1321" ], "github_reviewed": true, "nvd_published_at": "2022-11-03T20:15:00Z" }- References
Affected packages
npm / fastest-json-copy
Package
- Name
- fastest-json-copy
- View open source insights on deps.dev
- Purl
- pkg:npm/fastest-json-copy