CVE-2022-41714

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://fluidattacks.com/advisories/guetta/	Exploit Third Party Advisory
https://github.com/streamich/fastest-json-copy	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:fastest-json-copy_project:fastest-json-copy:1.0.1:*:*:*:*:node.js:*:*

History

05 Nov 2022, 00:31

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/streamich/fastest-json-copy -~~	(MISC) https://github.com/streamich/fastest-json-copy - Product
References	~~(MISC) https://fluidattacks.com/advisories/guetta/ -~~	(MISC) https://fluidattacks.com/advisories/guetta/ - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:fastest-json-copy_project:fastest-json-copy:1.0.1:::::node.js::
First Time		Fastest-json-copy Project Fastest-json-copy Project fastest-json-copy
CWE		CWE-1321

03 Nov 2022, 20:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-03 20:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-41714

Mitre link : CVE-2022-41714

CVE.ORG link : CVE-2022-41714

JSON object : View

Products Affected

fastest-json-copy_project

fastest-json-copy

CWE

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

5.3 /10