Description
In NASA Open MCT (aka openmct) before commit 545a177 is subject to a prototype pollution which can occur via an import action.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 3.0.2
References
Related Issues
- Path Traversal in general-file-server - CVE-2018-3724
- qs vulnerable to Prototype Pollution - CVE-2022-24999
- Server-Side Request Forgery in axios - CVE-2024-39338
- DOS by abusing `fetchOptions.retry`. - CVE-2023-49800
- Tags:
- npm
- openmct
Anything's wrong? Let us know Last updated on November 11, 2023