Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12aHhjLWZobTUtcWNwOc0z8g
Prototype Pollution in bodymen
The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792.
Permalink: https://github.com/advisories/GHSA-vhxc-fhm5-qcp9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12aHhjLWZobTUtcWNwOc0z8g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-vhxc-fhm5-qcp9, CVE-2022-25296
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25296
- https://snyk.io/vuln/SNYK-JS-BODYMEN-2342623
- https://github.com/advisories/GHSA-vhxc-fhm5-qcp9
Affected Packages
npm:bodymen
Dependent packages: 10
Dependent repositories: 206
Downloads: 9,309 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1