Bug 2006397 (CVE-2021-3805)
| Summary: | CVE-2021-3805 nodejs-object-path: prototype pollution vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | gparvin, jwendell, pahickey, rcernich, stcannon, twalsh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the object-path nodejs library when the del() function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of service attack (DoS).
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1999365, 2010623, 2010624, 2010625, 2010626, 2010627, 2010628, 2010629, 2020099, 2020100 | ||
| Bug Blocks: | 2006398 | ||
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Reference: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053