Search criteria
2 vulnerabilities by moutjs
CVE-2022-21213 (GCVE-0-2022-21213)
Vulnerability from cvelistv5 – Published: 2022-06-17 20:05 – Updated: 2024-09-16 19:26
VLAI?
Title
Prototype Pollution
Summary
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).
Severity ?
CWE
- Prototype Pollution
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
P.Adithya Srinivas
Masudul Hasan Masud Bhuiyan
Cristian-Alexandru Staicu
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-MOUT-2342654"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mout",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "P.Adithya Srinivas"
},
{
"lang": "en",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "en",
"value": "Cristian-Alexandru Staicu"
}
],
"datePublic": "2022-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package mout. The deepFillIn function can be used to \u0027fill missing properties recursively\u0027, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T20:05:12",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-MOUT-2342654"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-06-17T20:00:28.333571Z",
"ID": "CVE-2022-21213",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mout",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "P.Adithya Srinivas"
},
{
"lang": "eng",
"value": "Masudul Hasan Masud Bhuiyan"
},
{
"lang": "eng",
"value": "Cristian-Alexandru Staicu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package mout. The deepFillIn function can be used to \u0027fill missing properties recursively\u0027, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js",
"refsource": "MISC",
"url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
},
{
"name": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js",
"refsource": "MISC",
"url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-MOUT-2342654",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-MOUT-2342654"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2022-21213",
"datePublished": "2022-06-17T20:05:12.401688Z",
"dateReserved": "2022-02-24T00:00:00",
"dateUpdated": "2024-09-16T19:26:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7792 (GCVE-0-2020-7792)
Vulnerability from cvelistv5 – Published: 2020-12-11 11:05 – Updated: 2024-09-17 02:31
VLAI?
Title
Prototype Pollution
Summary
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.
Severity ?
7.5 (High)
CWE
- Prototype Pollution
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
Alessio Della Libera (d3lla)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-MOUT-1014544"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mout",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessio Della Libera (d3lla)"
}
],
"datePublic": "2020-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package mout. The deepFillIn function can be used to \u0027fill missing properties recursively\u0027, while the deepMixIn \u0027mixes objects into the target object, recursively mixing existing child objects as well\u0027. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T11:05:21",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-MOUT-1014544"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-12-11T11:01:29.064260Z",
"ID": "CVE-2020-7792",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mout",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (d3lla)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package mout. The deepFillIn function can be used to \u0027fill missing properties recursively\u0027, while the deepMixIn \u0027mixes objects into the target object, recursively mixing existing child objects as well\u0027. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-MOUT-1014544",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-MOUT-1014544"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374"
},
{
"name": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js",
"refsource": "MISC",
"url": "https://github.com/mout/mout/blob/master/src/object/deepFillIn.js"
},
{
"name": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js",
"refsource": "MISC",
"url": "https://github.com/mout/mout/blob/master/src/object/deepMixIn.js"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7792",
"datePublished": "2020-12-11T11:05:21.289276Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:31:08.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}