PT-2021-15499 · Graphhopper · Graphhopper-Web-Bundle

Karussell · Published 2021-07-21 · Updated 2023-08-08 · CVE-2021-23408

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

com.graphhopper:graphhopper-web-bundle versions prior to 3.2
com.graphhopper:graphhopper-web-bundle versions 4.0-pre1 through 4.0

Description

The issue affects the URL parser, which could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload.

Recommendations

For versions prior to 3.2, update to version 3.2 or later. For versions 4.0-pre1 through 4.0, update to a version later than 4.0.
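
The class of bug in the description, seen from the fix side, as an added example that is not GraphHopper's code: a query-string parser that drops any key able to reach Object.prototype. The dotted-key nesting, the names parseQuery and demo, and the sample query are assumptions made for illustration.

```javascript
// Added example: hardened query-string parser. The dotted-key nesting
// ("a.b=1" -> {a: {b: "1"}}) is an assumed design, not GraphHopper's code.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function parseQuery(query) {
  const result = Object.create(null); // no prototype chain to walk into
  const rejected = [];
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const path = rawKey.split(".");
    // Refuse the whole parameter if any segment could reach Object.prototype.
    if (path.some((seg) => seg === "" || FORBIDDEN_KEYS.has(seg))) {
      rejected.push(rawKey);
      continue;
    }
    let node = result;
    for (const seg of path.slice(0, -1)) {
      const next = node[seg];
      if (next === undefined) {
        node[seg] = Object.create(null); // containers are prototype-free too
      } else if (typeof next !== "object") {
        node = null; // a scalar is already stored here; do not descend
        break;
      }
      node = node[seg];
    }
    if (node === null) {
      rejected.push(rawKey);
      continue;
    }
    node[path[path.length - 1]] = value;
  }
  return { params: result, rejected };
}

// Constructed input: ordinary parameters plus two payload-shaped keys.
const SAMPLE =
  "?point=52.5,13.4&routing.profile=car" +
  "&__proto__.polluted=1&constructor.prototype.polluted=1";

function demo() {
  const { params, rejected } = parseQuery(SAMPLE);
  // "polluted" in {} is true only if Object.prototype was modified.
  return { profile: params.routing.profile, rejected, polluted: "polluted" in {} };
}
```

Logging the rejected list gives a cheap detection signal, since legitimate clients have no reason to send these key names.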

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2021-23408
GHSA-QHXH-9HHX-6P7V
SNYK-JAVA-COMGRAPHHOPPER-1320114

Affected Products

Graphhopper-Web-Bundle