← Back

CVE-2021-23682

nvd nist
Published: Feb 16, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

Affected (3)

Appwrite
1 product
Appwrite
Litespeed.js Project
1 product
Litespeed.js
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Appwrite
Appwrite
Before 0.11.1
Appwrite
From 0.12.0 to 0.12.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Litespeed.js
Before 0.3.12

Related CWEs

CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

References (12)

Source: report@snyk.io
PatchThird Party Advisory
Source: report@snyk.io
Release NotesThird Party Advisory
Source: report@snyk.io
Release NotesThird Party Advisory
Source: report@snyk.io
PatchThird Party Advisory
Source: report@snyk.io
ExploitThird Party Advisory
Source: report@snyk.io
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.