CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
32.3%
Possible prototype pollution for the MetadataRecord
, when merged with a base class’ metadata object, in meta
decorator from the @aedart/support
package.
The likelihood is questionable, given that a class’ metadata can only be set or altered when the class is decorated via meta()
. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can become a vulnerability.
Has been patched in version 0.6.1
.