CVE-2022-25296 – bodymen
Package
Manager: npm
Name: bodymen
Vulnerable Version: >=0.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00258 (percentile 0.49006)
Details
Prototype Pollution in bodymen.

The package bodymen, from version 0.0.0, is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

**Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897).
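
A defensive sketch of the issue described above, added here as an example and not taken from bodymen or the advisory. `naiveMerge` is a constructed stand-in for a handler that copies request input recursively; `findPollutionKeys`, `rejectPollutedInput` and `handle` are hypothetical names for an Express-style guard that rejects input carrying `__proto__`, `constructor` or `prototype` keys before the handler runs.

```javascript
// Added example: constructed stand-ins, not bodymen's source code.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Return the path of every blocked key found anywhere in parsed input.
function findPollutionKeys(value, path, found = []) {
  if (value === null || typeof value !== 'object') return found;
  for (const key of Object.keys(value)) {
    const here = `${path}.${key}`;
    if (BLOCKED_KEYS.has(key)) found.push(here);
    findPollutionKeys(value[key], here, found);
  }
  return found;
}

// Express-style guard (hypothetical name); mount it before the schema handler.
function rejectPollutedInput(req, res, next) {
  const hits = [
    ...findPollutionKeys(req.body, 'body'),
    ...findPollutionKeys(req.query, 'query'),
  ];
  if (hits.length === 0) return next();
  res.statusCode = 400;
  res.end(JSON.stringify({ error: 'blocked keys in input', keys: hits }));
}

// Constructed stand-in for a handler that copies input without a key check.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (val !== null && typeof val === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Run one constructed request body through the stand-in, with or without the guard.
function handle(rawBody, guarded = true) {
  const req = { body: JSON.parse(rawBody), query: {} };
  const res = { statusCode: 200, end() {} };
  const next = () => naiveMerge({}, req.body);
  if (guarded) rejectPollutedInput(req, res, next); else next();
  const leaked = ({}).polluted === true; // did Object.prototype change?
  delete Object.prototype.polluted;      // keep the demo process clean
  return { status: res.statusCode, polluted: leaked };
}
```

Blocking `constructor` and `prototype` as well as `__proto__` will also reject legitimate fields with those names, so trim the set if your schema needs them.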
Metadata
Created: 2022-03-18T00:01:11Z
Modified: 2022-03-18T22:56:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vhxc-fhm5-qcp9/GHSA-vhxc-fhm5-qcp9.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-vhxc-fhm5-qcp9
Finding: F390
Auto approve: 1