CVE-2023-39296

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.1.3.2578 build 20231110 QNAP QuTS hero versions prior to 5.1.3.2578 build 20231110

Description A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. The vulnerability is related to uncontrolled modification of object prototype attributes. Exploitation may allow a remote attacker to cause a denial of service by sending specially crafted data.

Recommendations For QNAP QTS versions prior to 5.1.3.2578 build 20231110, update to version 5.1.3.2578 build 20231110 or later. For QNAP QuTS hero versions prior to 5.1.3.2578 build 20231110, update to version 5.1.3.2578 build 20231110 or later.