In AngularJS, the merge() function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. External reference: https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
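As an added illustration (not code from AngularJS, Grafana or Red Hat), a deep merge that skips prototype-controlling keys, together with a regression check that confirms merging untrusted JSON leaves Object.prototype untouched; the payload strings and the function names safeMerge and mergeLeavesPrototypeClean are constructed for this example.

```javascript
// Added example, not code from AngularJS or Grafana: a deep merge that
// refuses to traverse keys which can redirect writes onto Object.prototype.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Recursively copies `src` into `dst`, skipping prototype-controlling keys
// at every level so a payload such as {"__proto__": {...}} or
// {"constructor": {"prototype": {...}}} never reaches Object.prototype.
function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = src[key];
    if (isPlainObject(value)) {
      // Only descend into an own, plain-object property of dst; anything
      // inherited through the prototype chain is replaced, never mutated.
      if (!Object.prototype.hasOwnProperty.call(dst, key) || !isPlainObject(dst[key])) {
        dst[key] = {};
      }
      safeMerge(dst[key], value);
    } else {
      dst[key] = value;
    }
  }
  return dst;
}

// Constructed untrusted inputs: the shape of a __proto__ payload (as the
// advisory describes) and the equivalent constructor.prototype path.
const UNTRUSTED_PAYLOADS = [
  '{"__proto__": {"polluted": "yes"}}',
  '{"settings": {"__proto__": {"polluted": "yes"}}}',
  '{"constructor": {"prototype": {"polluted": "yes"}}}',
];

// Regression check: merge each payload into a fresh object with `mergeFn`
// and confirm that a brand-new object inherits nothing from the payload.
function mergeLeavesPrototypeClean(mergeFn, payloads = UNTRUSTED_PAYLOADS) {
  for (const text of payloads) {
    mergeFn({ settings: {} }, JSON.parse(text));
    if ('polluted' in {}) {
      delete Object.prototype.polluted; // restore global state before reporting
      return false;
    }
  }
  return true;
}
```

The check can be pointed at a project's own merge helper in a unit test, so a regression to the vulnerable behaviour fails the build.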
Statement: Whilst servicemesh-grafana and grafana-container both include a vulnerable version of angular.js (v1.6.6), the impact is lowered because Grafana does not directly use the angular.merge function.
This also affects Fedora, as far as I can tell. I issued a PR here: https://src.fedoraproject.org/rpms/python-XStatic-Angular/pull-request/1
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:8849 https://access.redhat.com/errata/RHSA-2022:8849
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:8866 https://access.redhat.com/errata/RHSA-2022:8866
This issue has been addressed in the following products: Red Hat OpenStack Platform 17.0 Via RHSA-2023:0274 https://access.redhat.com/errata/RHSA-2023:0274