GHSA-v9p9-535w-4285

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-v9p9-535w-4285/GHSA-v9p9-535w-4285.json

Aliases

CVE-2021-23682

Published

2022-02-17T00:00:32Z

Modified

2023-03-14T05:50:05.472810Z

Details

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

References

Affected packages

npm / litespeed.js

litespeed.js

Affected ranges

Type: SEMVER
Events: Introduced

0

Fixed

0.3.12

Affected versions

Packagist / appwrite/server-ce

appwrite/server-ce

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.12.0

Fixed

0.12.2

Affected versions

0.*

0.12.0

0.12.1

Packagist / appwrite/server-ce

appwrite/server-ce

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

0.11.1

Affected versions

0.*

0.1.13

0.1.15

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.11.0

0.2.0

0.3.0

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.6.1

0.6.2

0.7.0

0.7.1

0.7.2

0.8.0

0.9

0.9.1

0.9.2

0.9.3

0.9.4