PT-2024-25776 · Njwt · Njwt
Published: 2024-05-16 · Updated: 2024-08-01
CVE-2024-34273
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
njwt versions up to 0.4.0
Description
The issue is related to a prototype pollution in the Parser.prototype.parse method. This method is part of the njwt library, which suggests the pollution occurs during the parsing process, potentially allowing an attacker to modify the prototype of an object.
Recommendations
For njwt versions up to 0.4.0, update to a version higher than 0.4.0 to resolve the issue.
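To check whether a project falls in the affected range stated above (njwt up to 0.4.0), the following added example, which is not part of the advisory or the njwt project, walks an npm lockfile and flags every installed copy of njwt, including nested transitive copies. The sample lockfile and the package name example-auth are constructed for illustration.

```javascript
// Added example (not from the advisory): audit an npm lockfile for njwt <= 0.4.0.
const AFFECTED_MAX = [0, 4, 0]; // advisory: "njwt versions up to 0.4.0"
// Parse the leading "major.minor.patch"; returns null for git URLs, tags, etc.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // cannot tell: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== AFFECTED_MAX[i]) return v[i] < AFFECTED_MAX[i];
  }
  return true; // exactly 0.4.0 (or a 0.4.0 prerelease) is in range
}

// Collect every installed copy of njwt, including nested transitive copies.
function findNjwt(lock) {
  const hits = new Map(); // keyed by install path to dedupe v2 lockfiles
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/njwt$/.test(path)) hits.set(path, meta.version);
  }
  // lockfileVersion 1/2: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "njwt") hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits].map(([path, version]) =>
    ({ path, version, affected: isAffected(version) }));
}

// Constructed sample lockfile; "example-auth" is a hypothetical package name.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/njwt": { version: "1.0.0" },
    "node_modules/example-auth": { version: "1.2.0" },
    "node_modules/example-auth/node_modules/njwt": { version: "0.4.0" },
  },
};

for (const hit of findNjwt(SAMPLE_LOCK)) console.log(hit);
```

In a real project, pass the parsed contents of package-lock.json to findNjwt; entries whose version cannot be parsed are flagged so they get a manual look.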
As a temporary workaround, consider restricting the use of the Parser.prototype.parse method until a patch is available.
Exploit
Fix
Prototype Pollution
Weakness Enumeration
Related Identifiers
Affected Products
Njwt