CVE-2026-45325 - CERT CVE
ID CVE-2026-45325
Sažetak Gestor de Oferta is a web application for managing mobility service offerings. Prior to 20260509.0340.15, @tmlmobilidade/utils has a prototype pollution vulnerability in setValueAtPath() in packages/utils/src/generic/value-at-path.ts because unsafe path segments are not blocked. This issue is fixed in version 20260509.0340.15.
Reference
CVSS
Base: 8.2
Impact: 4.2
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Zadnje važnije ažuriranje 17-07-2026 - 19:17
Objavljeno 16-07-2026 - 17:16