Description

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.

Remediation

References

https://fluidattacks.com/advisories/guetta/

https://github.com/streamich/fastest-json-copy

Related Vulnerabilities

CVE-2022-31367 Vulnerability in npm package @strapi/strapi

CVE-2022-35949 Vulnerability in maven package org.webjars.npm:undici

CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher

CVE-2021-46708 Vulnerability in maven package org.webjars.npm:swagger-ui

CVE-2022-1243 Vulnerability in maven package org.webjars.npm:urijs

Severity

Medium

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Exploit Third Party Advisory Product