Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.

External References:
https://github.com/cowboy/node-getobject/blob/aba04a8e1d6180eb39eff09990c3a43886ba8937/lib/getobject.js#L48
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28282
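The bug class named above, as an added example that is not code from getobject or from this report: a generic setter that walks a dot-separated path, shown next to a hardened version. The names `unsafeSet`, `safeSet` and `demo`, and the sample path, are constructed for illustration and assume a setter of that shape.

```javascript
// Added example: a generic dotted-path setter, not getobject's source code.
// Segments that lead to Object.prototype or to a constructor's prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Unsafe pattern: follows every path segment, including inherited ones.
function unsafeSet(obj, path, value) {
  const parts = path.split('.');
  const last = parts.pop();
  let cur = obj;
  for (const part of parts) {
    if (cur[part] === undefined) cur[part] = {};
    cur = cur[part];
  }
  cur[last] = value;
  return obj;
}

// Hardened: rejects dangerous segments and descends only into own properties.
function safeSet(obj, path, value) {
  const parts = path.split('.');
  if (parts.some((p) => FORBIDDEN_KEYS.has(p))) {
    throw new TypeError('unsafe path segment in "' + path + '"');
  }
  const last = parts.pop();
  let cur = obj;
  for (const part of parts) {
    const own = Object.prototype.hasOwnProperty.call(cur, part);
    if (!own || cur[part] === null || typeof cur[part] !== 'object') {
      cur[part] = {};
    }
    cur = cur[part];
  }
  cur[last] = value;
  return obj;
}

// Feeds both setters a constructed path and reports whether an unrelated
// object inherited the property; the polluted key is removed again.
function demo() {
  const path = '__proto__.polluted'; // constructed sample input
  unsafeSet({}, path, true);
  const unsafeLeaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  let safeRejected = false;
  try { safeSet({}, path, true); } catch (e) { safeRejected = e instanceof TypeError; }
  return { unsafeLeaked, safeRejected, safeLeaked: ({}).polluted === true };
}

console.log(demo());
```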
Created nodejs-getobject tracking bugs for this issue:

Affects: epel-7 [bug 1912484]
Affects: fedora-32 [bug 1912483]
Statement: In OpenShift ServiceMesh (OSSM) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-getobject library to authenticated users only, therefore the impact is Low. OpenShift ServiceMesh (OSSM) 1.1 is out of support scope for Moderate and Low impact vulnerabilities, hence is marked Out Of Support Scope.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-28282