GHSA-v9mx-4pqq-h232

Suggest an improvement
Source
https://github.com/advisories/GHSA-v9mx-4pqq-h232
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-v9mx-4pqq-h232/GHSA-v9mx-4pqq-h232.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v9mx-4pqq-h232
Aliases
Published
2024-12-18T06:30:49Z
Modified
2024-12-18T17:12:46.407178Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo
Details

Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects.

Database specific 
{
    "github_reviewed_at": "2024-12-18T16:56:06Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-1321"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2024-12-18T06:15:23Z"
}
References

Affected packages

npm / bun

Package

Name
bun
View open source insights on deps.dev
Purl
pkg:npm/bun

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.30