Description
A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.
Remediation
References
https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076
https://vuldb.com/?id.216252
https://github.com/FurqanSoftware/node-whois/pull/105
Related Vulnerabilities
CVE-2023-22579 Vulnerability in npm package sequelize
CVE-2019-1003049 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-34662 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common
CVE-2021-32685 Vulnerability in npm package tenvoy
CVE-2020-7680 Vulnerability in maven package org.webjars.npm:docsify