Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.
Permalink: https://github.com/advisories/GHSA-6339-gv7w-g5f4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 7 days ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-6339-gv7w-g5f4, CVE-2024-45277
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-45277
- https://me.sap.com/notes/3520100
- https://url.sap/sapsecuritypatchday
- https://www.npmjs.com/package/@sap/hana-client?activeTab=code
- https://github.com/advisories/GHSA-6339-gv7w-g5f4
Affected Packages
npm:@sap/hana-client
Dependent packages: 50Dependent repositories: 336
Downloads: 490,515 last month
Affected Version Ranges: >= 2.0.0, < 2.21.31
Fixed in: 2.21.31
All affected versions: 2.3.21, 2.3.106, 2.3.112, 2.3.119, 2.3.123, 2.3.130, 2.3.134, 2.3.144, 2.4.126, 2.4.139, 2.4.142, 2.4.144, 2.4.151, 2.4.155, 2.4.162, 2.4.167, 2.4.171, 2.4.177, 2.4.182, 2.4.191, 2.4.194, 2.4.196, 2.4.202, 2.5.86, 2.5.101, 2.5.104, 2.5.105, 2.5.109, 2.5.111, 2.6.54, 2.6.58, 2.6.61, 2.6.64, 2.7.16, 2.7.21, 2.7.23, 2.7.26, 2.8.16, 2.8.20, 2.8.22, 2.9.19, 2.9.23, 2.9.28, 2.10.9, 2.10.13, 2.10.15, 2.10.20, 2.11.14, 2.11.20, 2.12.13, 2.12.20, 2.12.22, 2.12.25, 2.13.13, 2.13.21, 2.13.22, 2.14.18, 2.14.22, 2.14.23, 2.14.24, 2.15.17, 2.15.19, 2.15.22, 2.16.21, 2.16.26, 2.17.14, 2.17.21, 2.17.22, 2.18.22, 2.18.24, 2.18.27, 2.19.18, 2.19.20, 2.19.21, 2.20.15, 2.20.20, 2.20.22, 2.20.23, 2.21.26, 2.21.28
All unaffected versions: 2.21.31, 2.22.27, 2.22.29