CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
@cat5th/key-serializer is vulnerable to Prototype Pollution. The vulnerability is due to passing crafted arguments with the proto property using functions like query, set, default.query, and default.set. The vulnerability allows attackers to alter the behavior of all objects inheriting from the affected prototype.