How severe is CVE-2023-0163?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2023-0163?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2023-0163 - HIGH Severity | CVSS 8.4

Vulnerability Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mozilla Convict. This allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash. The main use case of Convict is for handling server-side configurations written by the admins owning the servers, and not random users. So it's unlikely that an admin would deliberately sabotage their own server. Still, a situation can happen where an admin not knowledgeable about JavaScript could be tricked by an attacker into writing the malicious JavaScript code into some config files. This issue affects Convict: before 6.2.4.

Related Vulnerabilities

CVE-2024-32866

HIGH

CVSS:8.6(High)

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature in versions prior to 1.1.1, an at...

CWE-13212024

CVE-2023-26102

HIGH

CVSS:8.2(High)

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify pr...

CWE-13212023

CVE-2023-26158

HIGH

CVSS:8.2(High)

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying att...

CWE-13212023

CVE-2023-28103

HIGH

CVSS:8.2(High)

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the...

CWE-13212023

CVE-2023-28427

HIGH

CVSS:8.2(High)

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-j...

CWE-13212023

CVE-2024-21489

HIGH

CVSS:8.2(High)

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype.

CWE-13212024