CVE-2019-10792 — Injection in Project Bodymen

CWE-74 — Injection CWE-1321 — Prototype Pollution6 documents3 sources

Severity

7.3HIGHNVD

NVD6.3GHSA6.3OSV6.3

EPSS

0.3%

top 43.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bodymen Project Bodymen

Timeline

PublishedFeb 18

Latest updateMar 18

Description

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5bodymen_project/bodymen0.0.0 — unspecified

▶NVDbodymen_project/bodymen< 1.1.1+1

▶npmbodymen_project/bodymen< 1.1.1+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Prototype Pollution in bodymen↗2022-03-18

▶

OSV

Prototype Pollution in bodymen↗2022-03-18

▶

OSV

Injection in bodymen↗2021-04-13

▶

GHSA

Injection in bodymen↗2021-04-13

▶