Vulnerabilities > CVE-2021-23408 - Unspecified vulnerability in Graphhopper

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

graphhopper

NVD

Published: 2021-07-21

Updated: 2024-11-21

Summary

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload.

Vulnerable Configurations

Part	Description	Count
Application	Graphhopper Graphhopper Graphhopper 4.0 Graphhopper Graphhopper 0.4.1 Graphhopper Graphhopper 0.5.0 Graphhopper Graphhopper 0.6.0 Graphhopper Graphhopper 0.7.0 Graphhopper Graphhopper 0.8.0 Graphhopper Graphhopper 0.8.2 Graphhopper Graphhopper 0.9.0 Graphhopper Graphhopper 0.10.0 Graphhopper Graphhopper 0.10.1 Graphhopper Graphhopper 0.10.2 Graphhopper Graphhopper 0.10.3 Graphhopper Graphhopper 0.11.0 Graphhopper Graphhopper 0.11.0-1 Graphhopper Graphhopper 0.11.0-2 Graphhopper Graphhopper 0.11.0-3 Graphhopper Graphhopper 0.11.0-4 Graphhopper Graphhopper 0.12.0 Graphhopper Graphhopper 0.12.0-1 Graphhopper Graphhopper 0.12.0-2 Graphhopper Graphhopper 0.12.0-3 Graphhopper Graphhopper 0.13.0 Graphhopper Graphhopper 0.14.0 Graphhopper Graphhopper 1.0 Graphhopper Graphhopper 2.0 Graphhopper Graphhopper 2.1 Graphhopper Graphhopper 2.2 Graphhopper Graphhopper 2.3 Graphhopper Graphhopper 2.4 Graphhopper Graphhopper 3.0	134

Summary

Vulnerable Configurations

References