
CVE-2023-45282: Protect against prototype pollution in import action by davetsay · Pull Request #7094 · nasa/openmct

In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.


@@ -20,6 +20,8 @@

* at runtime from the About dialog for additional information.

*****************************************************************************/

import { filter__proto__ } from '…/…/utils/sanitization’;

export default class LocalStorageObjectProvider {

constructor(spaceKey = ‘mct’) {

this.localStorage = window.localStorage;
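
Review bot: The name `filter__proto__` in the new import says the reviver drops only the `__proto__` key, and its definition is not part of the lines shown here. Please add a doc comment on the helper in the sanitization module stating exactly which keys it removes, plus a unit test that parses a payload with a nested `__proto__` key and asserts that `Object.prototype` is unchanged afterwards. If `constructor` and `prototype` keys are meant to pass through, say so explicitly so later call sites do not assume broader filtering.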


@@ -83,7 +85,7 @@ export default class LocalStorageObjectProvider {

* @private

*/

getSpaceAsObject() {

return JSON.parse(this.getSpace());

return JSON.parse(this.getSpace(), filter__proto__);

}

/**
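
Review bot: In `getSpaceAsObject()`, the reviver is applied only to the localStorage read, while the PR title names the import action as the pollution path. Confirm that the import action's own parse of the imported JSON passes the same reviver, as in `JSON.parse(this.getSpace(), filter__proto__)`, since nothing in this hunk covers it. A one-line comment above the return explaining why the reviver is there would also keep it from being dropped in a later refactor.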


GHSA-4xcx-cwrq-w792: Prototype Pollution in NASA Open MCT

NASA Open MCT (aka openmct) before commit 545a177 is subject to prototype pollution, which can occur via an import action.
