Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-4742

Published: 26/12/2022 Updated: 11/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Json-pointer

Vulnerability Summary

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. Upgrading to version 0.6.2 is able to address this issue. The patch is identified as 859c9984b6c407fc2d5a0a7e47c7274daa681941. It is recommended to upgrade the affected component. VDB-216794 is the identifier assigned to this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

json-pointer project json-pointer

Vendor Advisories

Red Hat: Important: Service Registry (container images) release and security update [2.4.3 GA]
Synopsis Important: Service Registry (container images) release and security update [243 GA] Type/Severity Security Advisory: Important Topic An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog The purpose of this text-only errata is to inform you about the security issues ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: A vulnerability, which was classified as critical, has been found in json-pointer Affected by this issue is the function set of the file indexjs The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution') The attack may be launch ...

References

CWE-1321https://github.com/manuelstofer/json-pointer/commit/859c9984b6c407fc2d5a0a7e47c7274daa681941https://github.com/manuelstofer/json-pointer/pull/36https://vuldb.com/?ctiid.216794https://vuldb.com/?id.216794https://access.redhat.com/errata/RHSA-2023:3815https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-44856
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook