Description
NASA Open MCT (aka openmct) before commit 545a177 is subject to prototype pollution, which can occur via an import action.
Recommendation
No fix is available yet. The following versions are affected:
- <= 3.0.2
References
Related Issues
- NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability - CVE-2023-45884
- NASA Open MCT Cross Site Scripting vulnerability - CVE-2023-45885
- fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name - CVE-2023-26920
- underscore-keypath vulnerable to Prototype Pollution - CVE-2023-26139
Tags:
- npm
- openmct
Last updated on November 11, 2023