Back to bug 2211614
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-06-01 08:46:11 UTC | Doc Text | vega-util prototype could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request using the vega.mergeConfig method, an attacker could exploit this vulnerability to add or modify the properties of the Object.prototype. | vega-util prototype could allow a remote, authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request using the vega.mergeConfig method, an attacker could exploit this vulnerability to add or modify the properties of the Object.prototype. |
| Avinash Hanwate | 2023-06-01 08:46:59 UTC | Blocks | 2211615 | |
| Paige Jung | 2023-06-01 14:25:46 UTC | Doc Text | vega-util prototype could allow a remote, authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request using the vega.mergeConfig method, an attacker could exploit this vulnerability to add or modify the properties of the Object.prototype. | A flaw was found in vega-util prototype which could allow a remote authenticated attacker to bypass security restrictions caused by improper access control. By sending a specially crafted request using the vega.mergeConfig method, an attacker could add or modify the properties of the Object.prototype. |
| Red Hat Bugzilla | 2023-07-07 08:29:37 UTC | Assignee | security-response-team | nobody |
Back to bug 2211614