PT-2022-17192 · Bodymen · Bodymen

Cristian-Alexandru Staicu +3 · Published 2022-03-17 · Updated 2022-03-24 · CVE-2022-25296

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: bodymen versions 0.0.0 and later

Description: The issue allows for Prototype Pollution via the handler function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Recommendations: For bodymen versions 0.0.0 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2022-25296
GHSA-VHXC-FHM5-QCP9
SNYK-JS-BODYMEN-2342623

Affected Products

Bodymen