Lucene search

Veracode Vulnerability DatabaseVERACODE:43906

HistoryOct 20, 2023 - 2:20 a.m.

Prototype Pollution

2023-10-2002:20:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

deobfuscator

software

object constructor

literalmap transformer

arbitrary code

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

deobfuscator is vulnerable to Prototype Pollution. This vulnerability allows an attacker to modify the prototype of the Object constructor via the LiteralMap transformer, which could then be used to execute arbitrary code on the victim’s system.

References

github.com/advisories/GHSA-jg82-xh3w-rhxx

github.com/relative/synchrony/commit/b583126be94c4db7c5a478f1c5204bfb4162cf40

github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx

github.com/relative/synchrony/security/advisories/src/transformers/literalmap.ts

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

Related for VERACODE:43906