Vulnerabilities > CVE-2022-41713 - Unspecified vulnerability in Deep-Object-Diff Project Deep-Object-Diff 1.1.0

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
deep-object-diff-project

Summary

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.

Vulnerable Configurations

Part Description Count
Application
Deep-Object-Diff_Project
1