CVE-2023-45811

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-1321
View all →

Vulnerability Description

Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `[email protected]`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags

Related Vulnerabilities

CVE-2020-7641

HIGH
CVSS:7.8(High)

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-13212020

CVE-2021-4278

HIGH
CVSS:7.8(High)

A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype...

CWE-13212021

CVE-2021-43138

HIGH
CVSS:7.8(High)

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

CWE-13212021

CVE-2023-30533

HIGH
CVSS:7.8(High)

SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.

CWE-13212023

CVE-2021-3666

HIGH
CVSS:7.6(High)

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-13212021

CVE-2021-3815

HIGH
CVSS:8.0(High)

utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-13212021