Description

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.

Remediation

References

https://github.com/rdf-ext-archive/rdf-graph-array/blob/master/index.js#L211

https://snyk.io/vuln/SNYK-JS-RDFGRAPHARRAY-551803

Related Vulnerabilities

CVE-2022-24847 Vulnerability in maven package org.geoserver:gs-main

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

CVE-2023-47326 Vulnerability in maven package org.silverpeas.core:silverpeas-core

CVE-2023-29521 Vulnerability in maven package org.xwiki.platform:xwiki-platform-vfs-ui

CVE-2022-31053 Vulnerability in maven package com.clever-cloud:biscuit-java

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Exploit Tool Signature Third Party Advisory NVD-CWE-noinfo