Description
A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). The attack can be initiated remotely.
Recommendation
Update the fast-json-patch package to the latest compatible version. Version details:
- Affected version(s): < 3.1.1
- Patched version(s): 3.1.1
References
- GHSA-8gh8-hqwg-xf34
- blog.effectrenan.com
- vuldb.com
- www.huntr.dev
- CVE-2021-4279
- CWE-1321
- CAPEC-310
- OWASP 2021-A6
Related Issues
- jquery-plugin-query-object contains prototype pollution vulnerability - CVE-2021-20083
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 2 - CVE-2024-52809
- matrix-js-sdk Prototype Pollution vulnerability - CVE-2022-36059
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 3 - CVE-2024-52809
Tags
- npm
- fast-json-patch
Last updated on March 01, 2024