PT-2023-20514 · Flatnest · Flatnest

Peng Zhou +1 · Published 2023-06-30 · Updated 2024-02-07 · CVE-2023-26135

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
flatnest, all versions

Description
The issue is a Prototype Pollution vulnerability in the nest() function in the flatnest/nest.js file. It affects all versions of the flatnest package.

Recommendations
For all versions, consider disabling the nest() function as a temporary workaround until a patch is available. Restrict access to the flatnest/nest.js file to minimize the risk of exploitation. Avoid using the nest() function in sensitive operations until the issue is resolved.
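
One way to keep untrusted input away from nest() while no patch is available, as an added example that is not flatnest's own code or a fix for the package: screen the flattened keys first and reject any whose path touches a prototype-related property. The key syntax (segments separated by dots and brackets), the guardedNest wrapper and its nestFn parameter are assumptions, and only keys are screened, not values.

```javascript
// Added example: screen flattened keys before they reach nest().
// Assumption: keys are paths split on "." and "[...]", e.g. "user.roles[0]".
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Split a flattened key into its path segments, dropping quotes
// around bracketed names such as a["b"].
function pathSegments(key) {
  return String(key)
    .split(/[.\[\]]+/)
    .filter((seg) => seg.length > 0)
    .map((seg) => seg.replace(/^["']|["']$/g, ''));
}

// Return every key whose path touches a prototype-related property.
function findUnsafeKeys(flat) {
  return Object.keys(flat).filter((key) =>
    pathSegments(key).some((seg) => FORBIDDEN.has(seg)));
}

// Hypothetical wrapper: nestFn (for example flatnest's nest) is called
// only when the input is a plain object and every key passed screening.
function guardedNest(nestFn, flat) {
  if (flat === null || typeof flat !== 'object' || Array.isArray(flat)) {
    throw new TypeError('expected a plain flattened object');
  }
  const unsafe = findUnsafeKeys(flat);
  if (unsafe.length > 0) {
    throw new Error('rejected keys: ' + unsafe.join(', '));
  }
  return nestFn(flat);
}

// Constructed sample inputs, parsed the way a request body would arrive.
const benign = JSON.parse('{"user.name":"alice","user.roles[0]":"admin"}');
const hostile = JSON.parse(
  '{"user.name":"bob","__proto__.isAdmin":true,"a.constructor.prototype.x":1}');

console.log(findUnsafeKeys(benign));   // no keys flagged
console.log(findUnsafeKeys(hostile));  // the two prototype-related keys
```

Rejecting the whole object, rather than deleting the flagged keys and continuing, keeps the failure visible in logs and avoids processing a partially trusted payload.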

Exploit

Fix

Prototype Pollution


Weakness Enumeration

Related Identifiers

CVE-2023-26135
GHSA-7PX2-3C2P-Q4V4

Affected Products

Flatnest