GHSA-v9p9-535w-4285

Source

https://github.com/advisories/GHSA-v9p9-535w-4285

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-v9p9-535w-4285/GHSA-v9p9-535w-4285.json

Aliases

CVE-2021-23682
SNYK-JS-LITESPEEDJS-2359250
SNYK-PHP-APPWRITESERVERCE-2401820

Published

2022-02-17T00:00:32Z

Modified

2023-11-08T04:05:12.625751Z

Details

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

References

Affected packages

npm / litespeed.js

Package

Name: litespeed.js

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.3.12

Packagist / appwrite/server-ce

Package

Name: appwrite/server-ce

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.12.0

Fixed

0.12.2

Affected versions

0.*

0.12.0

0.12.1

Packagist / appwrite/server-ce

Package

Name: appwrite/server-ce

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.11.1

Affected versions

0.*

0.1.13

0.1.15

0.2.0

0.3.0

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.8.0

0.9

0.9.1

0.9.2

0.9.3

0.9.4

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.11.0