Vulnerabilities > CVE-2023-26139 - Unspecified vulnerability in Underscore-Keypath Project Underscore-Keypath

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

underscore-keypath-project

NVD

Published: 2023-08-01

Updated: 2023-11-07

Summary

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.

Vulnerable Configurations

Part	Description	Count
Application	Underscore-Keypath_Project Underscore Keypath Project Underscore Keypath 0.0.11 Underscore Keypath Project Underscore Keypath 0.0.12 Underscore Keypath Project Underscore Keypath 0.0.13 Underscore Keypath Project Underscore Keypath 0.0.14 Underscore Keypath Project Underscore Keypath 0.0.15 Underscore Keypath Project Underscore Keypath 0.0.16 Underscore Keypath Project Underscore Keypath 0.0.18 Underscore Keypath Project Underscore Keypath 0.0.19 Underscore Keypath Project Underscore Keypath 0.0.20 Underscore Keypath Project Underscore Keypath 0.0.21 Underscore Keypath Project Underscore Keypath 0.0.22 Underscore Keypath Project Underscore Keypath 0.9.0 Underscore Keypath Project Underscore Keypath 0.9.1 Underscore Keypath Project Underscore Keypath 0.9.2 Underscore Keypath Project Underscore Keypath 0.9.3	15

Summary

Vulnerable Configurations

References