Bug 2006397 (CVE-2021-3805)

Summary: CVE-2021-3805 nodejs-object-path: prototype pollution vulnerability
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gparvin, jwendell, pahickey, rcernich, stcannon, twalsh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the object-path nodejs library when the del() function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of service attack (DoS).
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1999365, 2010623, 2010624, 2010625, 2010626, 2010627, 2010628, 2010629, 2020099, 2020100    
Bug Blocks: 2006398    

Description Guilherme de Almeida Suckevicz 2021-09-21 16:21:59 UTC
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')