← Back

CVE-2022-25948

nvd nist
Published: Dec 22, 2022Modified: Apr 14, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided.

Affected (1)

Products: Liquidjs: Liquidjs
Liquidjs
1 product
Liquidjs
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Liquidjs
Before 10.0.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: report@snyk.io
PatchThird Party Advisory
Source: report@snyk.io
PatchThird Party Advisory
Source: report@snyk.io
ExploitIssue TrackingThird Party Advisory
Source: report@snyk.io
Broken Link
Source: report@snyk.io
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.