PT-2022-11625 · Ramda · Ramda
Published 2022-05-10 · Updated 2024-08-04 · CVE-2021-42581
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ramda versions 0.27.0 and earlier
Description
The issue allows attackers to compromise the integrity or availability of an application by supplying a crafted object that contains an own property `__proto__` as an argument to the mapObjIndexed function. Because the function copies the keys of its input, the own `__proto__` key is written through to the shared Object.prototype, which is known as prototype poisoning (prototype pollution).
Recommendations
For Ramda versions 0.27.0 and earlier, avoid passing untrusted input to the mapObjIndexed function until a fix is available. As a temporary workaround, validate and sanitize any objects passed to this function so that objects carrying an own `__proto__` key (or other keys that reach a prototype) are rejected or stripped before the call.
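One way to apply the workaround above, added here as an example that is not part of the advisory or of Ramda: it locates and strips own `__proto__`, `constructor` and `prototype` keys from parsed JSON before the object reaches mapObjIndexed, and checks afterwards that Object.prototype gained no keys. The names findPrototypeKeys, stripPrototypeKeys and guardedMapObjIndexed are assumptions, and the mapping function is passed in as a parameter so the snippet runs without Ramda installed.

```javascript
// Added example (not from the advisory or from Ramda). Untrusted objects are
// assumed to arrive as parsed JSON: JSON.parse turns a "__proto__" key into an
// *own* property instead of setting the prototype, which is the object shape
// the advisory describes. constructor/prototype are covered for the same reason.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walk the object tree and report the dotted paths of forbidden own keys.
function findPrototypeKeys(value, path = "") {
  const hits = [];
  if (value === null || typeof value !== "object") return hits;
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (FORBIDDEN_KEYS.has(key)) hits.push(here);
    hits.push(...findPrototypeKeys(value[key], here));
  }
  return hits;
}

// Deep-copy into null-prototype objects with the forbidden keys dropped, so a
// later key-by-key copy of the result cannot reach Object.prototype.
function stripPrototypeKeys(value) {
  if (Array.isArray(value)) return value.map(stripPrototypeKeys);
  if (value === null || typeof value !== "object") return value;
  const clean = Object.create(null);
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    clean[key] = stripPrototypeKeys(value[key]);
  }
  return clean;
}

// Wrap a mapObjIndexed-style function (passed in, e.g. R.mapObjIndexed):
// refuse tainted input up front, then verify Object.prototype gained no keys.
function guardedMapObjIndexed(mapObjIndexed, fn, input) {
  const hits = findPrototypeKeys(input);
  if (hits.length > 0) {
    throw new Error(`rejected object with prototype key(s): ${hits.join(", ")}`);
  }
  const before = Object.getOwnPropertyNames(Object.prototype).join(",");
  const result = mapObjIndexed(fn, input);
  if (Object.getOwnPropertyNames(Object.prototype).join(",") !== before) {
    throw new Error("Object.prototype changed during mapObjIndexed");
  }
  return result;
}
```

The post-call check is a second line of defence only; the up-front rejection (or stripPrototypeKeys) is what keeps a tainted object away from the vulnerable copy in the first place.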
Weakness Enumeration
Prototype Pollution
Related Identifiers
Affected Products
Ramda