Description
A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.
Remediation
References
https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076
https://github.com/FurqanSoftware/node-whois/pull/105
https://vuldb.com/?id.216252
Related Vulnerabilities
CVE-2014-0095 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-29546 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml
CVE-2018-1257 Vulnerability in maven package org.springframework:spring-messaging
CVE-2023-22580 Vulnerability in npm package sequelize
CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui