CVE-2022-41714 – fastest-json-copy
Package
Manager: npm
Name: fastest-json-copy
Vulnerable Version: >=0 <=1.0.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00082 (percentile: 0.24838)
Details
fastest-json-copy vulnerable to Prototype Pollution

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the `__proto__` property to be edited.
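The pattern described in the details, as an added example that is not taken from fastest-json-copy or from the advisory: a hypothetical recursive copy that assigns unvalidated keys, next to a copy that skips such keys and reports where they appeared. The function names, the blocked-key set and the sample input are assumptions made for illustration.

```javascript
// Added example; hypothetical code, not fastest-json-copy's source.
// "__proto__" is the key the advisory names; the other two are a common
// defensive addition for when the copy is later merged into other objects.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: every incoming key is assigned, so an own "__proto__"
// key (JSON.parse creates it as a plain property) hits the prototype setter.
function naiveCopy(src) {
  if (src === null || typeof src !== 'object') return src;
  const out = Array.isArray(src) ? [] : {};
  for (const key of Object.keys(src)) out[key] = naiveCopy(src[key]);
  return out;
}

// Hardened pattern: skip blocked keys and record the path of each one.
function safeCopy(src, path = '$', rejected = []) {
  if (src === null || typeof src !== 'object') return { value: src, rejected };
  const out = Array.isArray(src) ? [] : {};
  for (const key of Object.keys(src)) {
    const childPath = `${path}.${key}`;
    if (BLOCKED_KEYS.has(key)) {
      rejected.push(childPath); // keep for logging or request rejection
      continue;
    }
    out[key] = safeCopy(src[key], childPath, rejected).value;
  }
  return { value: out, rejected };
}

// Constructed sample input, as it might arrive in a request body.
const SAMPLE =
  '{"name":"alice","prefs":{"__proto__":{"isAdmin":true},"theme":"dark"}}';

function demo() {
  const parsed = JSON.parse(SAMPLE);
  const naive = naiveCopy(parsed);
  const safe = safeCopy(parsed);
  return {
    naiveInherited: naive.prefs.isAdmin,    // property arrives via the prototype
    naiveOwnKeys: Object.keys(naive.prefs), // and is invisible to own-key checks
    safeInherited: safe.value.prefs.isAdmin,
    rejected: safe.rejected,
  };
}

console.log(demo());
```

The `rejected` list gives a caller something to log or to use as grounds for refusing the input outright instead of silently dropping keys.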
Metadata
Created: 2022-11-04T12:00:25Z
Modified: 2022-11-08T14:49:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-p5g9-rjcf-95vj/GHSA-p5g9-rjcf-95vj.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-p5g9-rjcf-95vj
Finding: F390
Auto approve: 1