[WEBUI-1522] [UNSET-VALUE] SRCCLR-SID-37811 | Unknown - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Web UI

Epic Link:
[May 2024] Security fixes for Web UI third-party libraries
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-7

Description

SRCCLR-SID-37811 | Unknown

Severity : High

unset-value is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the `module.exports` function in `index.js` and modify attributes such as `_proto_`, `constructor`, and `prototype` base objects.

Module : unset-value

nuxeo-web-ui.zip#zip:packages/nuxeo-designer-catalog/node_modules:unset-value

Current Version : 1.0.0

Recommended Upgrade Version : 2.0.1

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2024-05-15-16-22-01-835.png
96 kB
2024-05-15 10:52

Activity

People

Assignee:

Unassigned

Reporter:

Madhur Kulshrestha

Participants:

Madhur Kulshrestha

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2024-05-14 12:25

Updated:

2024-06-06 08:59