Vulnerabilities > CVE-2022-24279 - Unspecified vulnerability in Springtree Madlib-Object-Utils

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

springtree

NVD

Published: 2022-04-15

Updated: 2022-04-25

Summary

The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676)

Vulnerable Configurations

Part	Description	Count
Application	Springtree Springtree Madlib Object Utils 0.1.2 Springtree Madlib Object Utils 0.1.3 Springtree Madlib Object Utils 0.1.4 Springtree Madlib Object Utils 0.1.5 Springtree Madlib Object Utils 0.1.6 Springtree Madlib Object Utils 0.1.7	6

References

https://github.com/Qwerios/madlib-object-utils/commit/8d5d54c11c8fb9a7980a99778329acd13e3ef98f
https://snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-2388572