Description
A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack can be initiated remotely.
Recommendation
Update the fast-json-patch package to the latest compatible version. Version details:
- Affected version(s): < 3.1.1
- Patched version(s): 3.1.1
References
- GHSA-8gh8-hqwg-xf34
- blog.effectrenan.com
- vuldb.com
- www.huntr.dev
- CVE-2021-4279
- CWE-1321
- CAPEC-310
- OWASP 2021-A6
Related Issues
- jquery-plugin-query-object contains prototype pollution vulnerability - CVE-2021-20083
- uPlot Prototype Pollution vulnerability - CVE-2024-21489
- @75lb/deep-merge Prototype Pollution vulnerability - CVE-2024-38986
- @thi.ng/paths Prototype Pollution vulnerability - CVE-2024-29650
Tags
- npm
- fast-json-patch
Last updated on March 01, 2024