Description

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.

Remediation

References

https://fluidattacks.com/advisories/buuren/

https://github.com/sibu-github/deep-parse-json

Related Vulnerabilities

CVE-2020-28443 Vulnerability in npm package sonar-wrapper

CVE-2023-40813 Vulnerability in maven package org.opencrx:opencrx-core-models

CVE-2021-43142 Vulnerability in maven package com.wutka:jox

CVE-2020-28280 Vulnerability in npm package predefine

CVE-2022-29648 Vulnerability in maven package com.jflyfox:jflyfox_jfinal

Severity

Medium

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Exploit Third Party Advisory Product