All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file.
References
Link | Resource |
---|---|
https://github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43 | Broken Link |
https://github.com/brycebaril/node-flatnest/commit/27d569baf9d9d25677640edeaf2d13af165868d6 | |
https://github.com/brycebaril/node-flatnest/issues/4 | Exploit Issue Tracking |
https://security.snyk.io/vuln/SNYK-JS-FLATNEST-3185149 | Exploit Third Party Advisory |
Configurations
History
07 Feb 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in the flatnest/nest.js file. | |
References |
|
07 Jul 2023, 18:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Flatnest Project flatnest
Flatnest Project |
|
References | (MISC) https://github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43 - Broken Link | |
References | (MISC) https://security.snyk.io/vuln/SNYK-JS-FLATNEST-3185149 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/brycebaril/node-flatnest/issues/4 - Exploit, Issue Tracking | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:flatnest_project:flatnest:*:*:*:*:*:node.js:*:* | |
CWE | CWE-1321 |
30 Jun 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-30 05:15
Updated : 2024-02-07 13:15
NVD link : CVE-2023-26135
Mitre link : CVE-2023-26135
CVE.ORG link : CVE-2023-26135
JSON object : View
Products Affected
flatnest_project
- flatnest
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')