Description

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.

Remediation

References

https://github.com/nasa/openmct/compare/v3.0.2...v3.1.0

https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52

https://nasa.github.io/openmct/

https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282

Related Vulnerabilities

CVE-2022-31166 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-28168 Vulnerability in maven package org.glassfish.jersey.core:jersey-common

CVE-2023-46243 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui

CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wms

Severity

High

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Product Patch Third Party Advisory