WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-25296 Vulnerability in npm package bodymen

Description

The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897)

Remediation

References

https://snyk.io/vuln/SNYK-JS-BODYMEN-2342623

Related Vulnerabilities

CVE-2020-11020 Vulnerability in npm package faye

CVE-2021-35513 Vulnerability in npm package mermaid

CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web

CVE-2022-21191 Vulnerability in npm package global-modules-path

CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder

Severity

High

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Exploit Third Party Advisory