Vulnerability CVE-2021-23682


Published: 2022-02-16

Description:
This affects the package litespeed.js before 0.3.12, and the package appwrite/server-ce before 0.11.1 and from 0.12.0 before 0.12.2. When the getJsonFromUrl function parses the query string, the key that is set in the result object is not properly sanitized, leading to a Prototype Pollution vulnerability.
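
The key sanitization that the description says was missing, as an added example (not code from litespeed.js or Appwrite): a query-string parser that validates each decoded key before assigning it. The names `parseQuerySafe`, `safeDecode` and `FORBIDDEN_KEYS`, the `name[index]` key syntax and the sample query are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not the litespeed.js implementation.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeDecode(s) {
  // decodeURIComponent throws on malformed percent-escapes; report that as null.
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return null; }
}

function parseQuerySafe(query) {
  // Null-prototype container: no inherited "__proto__" accessor to reach through.
  const result = Object.create(null);
  for (const part of query.replace(/^\?/, '').split('&')) {
    if (!part) continue;
    const eq = part.indexOf('=');
    const key = safeDecode(eq > -1 ? part.slice(0, eq) : part);
    const value = eq > -1 ? safeDecode(part.slice(eq + 1)) : '';
    if (key === null || value === null) continue; // undecodable input is dropped
    // Accept only "name" or "name[index]"; nested brackets are rejected.
    const m = /^([^\[\]]+)(?:\[([^\[\]]*)\])?$/.exec(key);
    if (!m) continue;
    const [, name, index] = m;
    // Checked after decoding, so percent-encoded spellings are caught as well.
    if (FORBIDDEN_KEYS.has(name) || (index && FORBIDDEN_KEYS.has(index))) continue;
    if (index === undefined) {
      result[name] = value;
      continue;
    }
    let bucket = result[name];
    if (index === '') {
      // "name[]=v" appends to a list.
      if (!Array.isArray(bucket)) bucket = result[name] = [];
      bucket.push(value);
    } else {
      // "name[k]=v" writes into a null-prototype map, never an inherited object.
      if (typeof bucket !== 'object' || Array.isArray(bucket)) {
        bucket = result[name] = Object.create(null);
      }
      bucket[index] = value;
    }
  }
  return result;
}

// Constructed sample input: three ordinary parameters and two polluting keys,
// one of them percent-encoded.
const SAMPLE_QUERY =
  '?page=2&tag[]=a&tag[]=b&opt[lang]=en&__proto__[polluted]=yes&%5F%5Fproto%5F%5F[x]=1';
```

Rejecting the reserved names and using null-prototype containers are independent defenses; either alone blocks the write to `Object.prototype` in this parser, and both are kept so a later refactor of one does not reopen the issue.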

Type:

CWE-1321

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Litespeed.js project -> Litespeed.js 
Appwrite -> Appwrite 

 References:
https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
https://github.com/appwrite/appwrite/pull/2778
https://github.com/litespeed-js/litespeed.js/pull/18
https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
https://github.com/appwrite/appwrite/releases/tag/0.12.2
https://github.com/appwrite/appwrite/releases/tag/0.11.1
