Description
A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack can be initiated remotely.
Recommendation
Update the fast-json-patch package to the latest compatible version. Version details:
- Affected version(s): < 3.1.1
- Patched version(s): 3.1.1
References
- GHSA-8gh8-hqwg-xf34
- blog.effectrenan.com
- vuldb.com
- www.huntr.dev
- CVE-2021-4279
- CWE-1321
- CAPEC-310
- OWASP 2021-A6
Related Issues
- @digitalocean/do-markdownit has Type Confusion vulnerability - CVE-2025-59717
- node-opcua-alarm-condition prototype pollution vulnerability - CVE-2024-57086
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- axios Inefficient Regular Expression Complexity vulnerability - CVE-2021-3749
Tags
- npm
- fast-json-patch
Last updated on March 01, 2024