Lucene search
Veracode Vulnerability DatabaseVERACODE:37583HistoryOct 17, 2022 - 7:32 a.m.
Prototype Pollution
2022-10-1707:32:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
prototype pollution
vulnerability
grunt-karma.js
javascript
properties
attack
0.003 Low
EPSS
Percentile
65.3%
grunt-karma is vulnerable to prototype pollution. The vulnerability is due to the exports functions in grunt-karma.js where an attacker cam injects properties into the existing JavaScript construct prototype.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grunt-karma | le | 4.0.2 | |
| grunt-karma | le | 4.0.2 | |
| grunt-karma | le | 2.0.0 | |
| grunt-karma | le | 4.0.2 | |
| grunt-karma | le | 4.0.2 | |
| grunt-karma | le | 2.0.0 |
References
github.com/advisories/GHSA-hcj4-xf6x-63wj
github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L109
github.com/karma-runner/grunt-karma/blob/45b925964f55870f375c6e670d9945b223c984f5/tasks/grunt-karma.js#L26
github.com/karma-runner/grunt-karma/issues/311
Related
prion
prion
Code injection
2022-10-14 11:15:00
cvelist
cvelist
CVE-2022-37602
2022-10-14 00:00:00
github
github
Grunt-karma vulnerable to prototype pollution
2022-10-14 12:00:16
osv
osv
CVE-2022-37602
2022-10-14 11:15:09
Grunt-karma vulnerable to prototype pollution
2022-10-14 12:00:16
cve
cve
CVE-2022-37602
2022-10-14 11:15:09
nvd
nvd
CVE-2022-37602
2022-10-14 11:15:09