Description

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

Remediation

References

https://www.npmjs.com/package/realms-shim

https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908

Related Vulnerabilities

CVE-2021-21277 Vulnerability in maven package org.webjars.npm:angular-expressions

CVE-2022-23510 Vulnerability in npm package @cubejs-backend/api-gateway

CVE-2022-2191 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2022-4772 Vulnerability in maven package com.github.dgarijo:widoco

CVE-2018-20677 Vulnerability in npm package bootstrap

Severity

Critical

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Product Third Party Advisory Exploit