Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-1522

[UNSET-VALUE] SRCCLR-SID-37811 | Unknown

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.36, 3.1.12
    • Component/s: Web UI

      Description

      SRCCLR-SID-37811 | Unknown

      Severity : High

      unset-value is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the `module.exports` function in `index.js` and modify attributes such as `_proto_`, `constructor`, and `prototype` base objects.

      Module : unset-value

      nuxeo-web-ui.zip#zip:packages/nuxeo-designer-catalog/node_modules:unset-value

      Current Version : 1.0.0

      Recommended Upgrade Version : 2.0.1

        Attachments

          Issue Links

          links to

          Web Link LTS-2021

          Web Link LTS-2023

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: