Bug 2006397 (CVE-2021-3805) - CVE-2021-3805 nodejs-object-path: prototype pollution vulnerability
Summary: CVE-2021-3805 nodejs-object-path: prototype pollution vulnerability
Keywords:
Status: NEW
Alias: CVE-2021-3805
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1999365 2010623 2010624 2010625 2010626 2010627 2010628 2010629 2020099 2020100
Blocks: 2006398
Reported: 2021-09-21 16:21 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-10-25 17:21 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the object-path Node.js library when the del() function is called to validate object properties. An attacker can manipulate or alter the prototype of an object, causing the modification of default properties on all objects. This could lead to a service disruption or a denial of service (DoS) attack.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Guilherme de Almeida Suckevicz 2021-09-21 16:21:59 UTC
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Reference:
https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053

