Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00d205LTNxbXYtZ3Z4as4AA9bs

jsonic was discovered to contain a prototype pollution via the function empty.

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Permalink: https://github.com/advisories/GHSA-4wm9-3qmv-gvxj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00d205LTNxbXYtZ3Z4as4AA9bs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 13 days ago
Updated: 2 days ago

Widthdrawn: 2 days ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-4wm9-3qmv-gvxj, CVE-2024-38993
References: Blast Radius: 27.3

Affected Packages

npm:jsonic
Dependent packages: 190
Dependent repositories: 608
Downloads: 79,404 last month
Affected Version Ranges: <= 2.12.1
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 1.0.1