Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Prototype Pollution in NASA Open MCT
In NASA Open MCT (aka openmct) before commit 545a177 is subject to a prototype pollution which can occur via an import action.
Permalink: https://github.com/advisories/GHSA-4xcx-cwrq-w792JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-4xcx-cwrq-w792, CVE-2023-45282
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-45282
- https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52
- https://nasa.github.io/openmct/
- https://github.com/nasa/openmct/commit/2243381d527c0d84cc48e9ace78be7cda5363612
- https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282
- https://github.com/nasa/openmct/compare/v3.0.2...v3.1.0
- https://github.com/advisories/GHSA-4xcx-cwrq-w792
Blast Radius: 11.7
Affected Packages
npm:openmct
Dependent packages: 1Dependent repositories: 36
Downloads: 763 last month
Affected Version Ranges: <= 3.0.2
No known fixed version
All affected versions: 0.11.4, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0.2