CVE-2021-23682

Sažetak

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

Reference

https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
https://github.com/appwrite/appwrite/pull/2778
https://github.com/litespeed-js/litespeed.js/pull/18
https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
https://github.com/appwrite/appwrite/releases/tag/0.12.2
https://github.com/appwrite/appwrite/releases/tag/0.11.1

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-02-2022 - 03:35

Objavljeno

16-02-2022 - 17:15