CVE-2021-23682
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
Summary
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | litespeed.js | unspecified < 0.3.12 | affected |
| n/a | appwrite/server-ce | 0.12.0 < unspecified | affected |
| n/a | appwrite/server-ce | unspecified < 0.12.2 | affected |
| n/a | appwrite/server-ce | unspecified < 0.11.1 | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
- https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
- https://github.com/litespeed-js/litespeed.js/pull/18
- https://github.com/appwrite/appwrite/releases/tag/0.12.2
- https://github.com/appwrite/appwrite/pull/2778
- https://github.com/appwrite/appwrite/releases/tag/0.11.1
References
- https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
- https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
- https://github.com/litespeed-js/litespeed.js/pull/18
- https://github.com/appwrite/appwrite/releases/tag/0.12.2
- https://github.com/appwrite/appwrite/pull/2778
- https://github.com/appwrite/appwrite/releases/tag/0.11.1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.