JS-IOREDIS-1567196 ioredis

Package

Manager: npm
Name: ioredis
Vulnerable Version: <4.27.8

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Affected versions of this package are vulnerable to Prototype Pollution. The reply transformer that is applied does not check for special field names. This only affects applications that directly allow user-provided field names.
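
The following is an added example, not ioredis source and not part of the original advisory. It models a transformer that builds an object from a flat field/value reply, without and with handling of special field names. The function names, the constructed sample replies and the choice of `__proto__` as the special field name are assumptions made for illustration.

```javascript
// Simplified model of turning a flat [field, value, field, value, ...] hash
// reply into an object. Function names are hypothetical, not ioredis source.

// Before: bracket assignment on a plain object. The key "__proto__" reaches the
// inherited Object.prototype setter instead of creating an own property.
function unsafeTransform(reply) {
  const obj = {};
  for (let i = 0; i < reply.length; i += 2) {
    obj[reply[i]] = reply[i + 1];
  }
  return obj;
}

// After: defineProperty always creates an own data property, whatever the name.
function safeTransform(reply) {
  const obj = {};
  for (let i = 0; i < reply.length; i += 2) {
    Object.defineProperty(obj, reply[i], {
      value: reply[i + 1],
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return obj;
}

// Summarise what a caller would observe on the transformed object.
function summarize(obj) {
  return {
    ownFields: Object.keys(obj),
    prototypeIntact: Object.getPrototypeOf(obj) === Object.prototype,
  };
}

// Constructed sample replies (not captured from a real server).
const textReply = ["name", "alice", "__proto__", "x"];
const binaryReply = ["name", "alice", "__proto__", Buffer.from("x")];

console.log(summarize(unsafeTransform(textReply)));   // field silently dropped
console.log(summarize(unsafeTransform(binaryReply))); // prototype replaced
console.log(summarize(safeTransform(binaryReply)));   // both fields kept
```

In this model a string value is discarded by the setter, while an object value such as a Buffer replaces the prototype of the returned object, so the effect depends on the reply type the application requests.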

Metadata

Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-1321"]
Alternative ID: N/A
Finding: F390
Auto approve: 1