GHSA-qhxh-9hhx-6p7v

Source
https://github.com/advisories/GHSA-qhxh-9hhx-6p7v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-qhxh-9hhx-6p7v/GHSA-qhxh-9hhx-6p7v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qhxh-9hhx-6p7v
Aliases
Published
2021-08-02T16:59:35Z
Modified
2023-11-08T04:05:07.939604Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Summary
Prototype Pollution in GraphHopper
Details

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, and from 4.0-pre1 before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a `constructor` or `__proto__` payload.

Database specific
{
    "nvd_published_at": "2021-07-21T16:15:00Z",
    "github_reviewed_at": "2021-07-26T17:47:03Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-1321"
    ]
}
References

Affected packages

Maven / com.graphhopper:graphhopper-web-bundle

Package

Name
com.graphhopper:graphhopper-web-bundle
Purl
pkg:maven/com.graphhopper/graphhopper-web-bundle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.2

Affected versions

Other

client_hc_no_vehicle
feature_1850_01
feature_1850_02
profiles_01
stable

0.*

0.11.0
0.11.0-pre1
0.11.0-pre2
0.11.0-pre3
0.11.0-pre4
0.11.0-pre5
0.11.0-pre6
0.12.0
0.12.0-pre1
0.12.0-pre2
0.12.0-pre3
0.12.0-pre5
0.12.0-pre6
0.12.0-pre7
0.13.0
0.13.0-pre1
0.13.0-pre2
0.13.0-pre3
0.13.0-pre4
0.13.0-pre5
0.13.0-pre6
0.13.0-pre7
0.13.0-pre8
0.13.0-pre9
0.13.0-pre10
0.13.0-pre12
0.13.0-pre13
0.13.0-pre14
0.13.0-pre16
0.13.0-pre17
0.13.0-pre18
0.13.0-pre19
0.13.0-tardur1
0.13.0-tmp-cleanhack
0.14.0-pre1

1.*

1.0
1.0-pre1
1.0-pre2
1.0-pre3
1.0-pre4
1.0-pre5
1.0-pre6
1.0-pre7
1.0-pre9
1.0-pre10
1.0-pre11
1.0-pre12
1.0-pre13
1.0-pre14
1.0-pre15
1.0-pre16
1.0-pre17
1.0-pre18
1.0-pre19
1.0-pre20
1.0-pre21
1.0-pre22
1.0-pre23
1.0-pre24
1.0-pre25
1.0-pre26
1.0-pre27
1.0-pre28
1.0-pre29
1.0-pre30
1.0-pre30.2
1.0-pre30.3
1.0-pre31
1.0-pre32
1.0-pre32.1
1.0-pre33
1.0-pre33.2
1.0-pre33.3
1.0-pre33.4
1.0-pre34
1.0-pre35
1.0-pre36
1.0-pre37
1.0-pre38
1.0-pre39
1.0-pre40
1.0-pre41
1.0-pre42
1.0-pre43
1.0-prelmfix

2.*

2.0
2.0-pre2
2.0-pre3
2.1
2.2
2.3
2.4

3.*

3.0
3.0-pre1
3.0-pre2
3.0-pre3
3.0-pre4
3.0-pre5