GHSA-vhxc-fhm5-qcp9

Source
https://github.com/advisories/GHSA-vhxc-fhm5-qcp9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vhxc-fhm5-qcp9/GHSA-vhxc-fhm5-qcp9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vhxc-fhm5-qcp9
Aliases
Published
2022-03-18T00:01:11Z
Modified
2026-03-13T21:57:13.831081Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Prototype Pollution in bodymen
Details

The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792.

Database specific
{
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-1321"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-18T22:56:29Z",
    "nvd_published_at": "2022-03-17T12:15:00Z"
}
References

Affected packages

npm / bodymen

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vhxc-fhm5-qcp9/GHSA-vhxc-fhm5-qcp9.json"