Description

think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.

Remediation

References

https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcp

Related Vulnerabilities

CVE-2020-2210 Vulnerability in maven package org.jenkins-ci.plugins:stashbranchparameter

CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc-client

CVE-2019-10301 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin

CVE-2020-9495 Vulnerability in maven package org.apache.archiva:archiva

CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts

Severity

High

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory