Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-45282

Good to know:

icon
icon

Date: October 5, 2023

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.

Language: JS

Severity Score

Related Resources (9)

https://nasa.github.io/openmct
https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282
https://github.com/nasa/openmct/compare/v3.0.2...v3.1.0
https://github.com/nasa/openmct/commit/2243381d527c0d84cc48e9ace78be7cda5363612
https://nvd.nist.gov/vuln/detail/CVE-2023-45282
https://nasa.github.io/openmct/
https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52
https://github.com/nasa/openmct
https://www.mend.io/vulnerability-database/CVE-2023-45282

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

icon

Upgrade Version

Upgrade to version openmct - 3.1.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us