Home > Vulnerability Database > CVE-2023-30857

Mend.io Vulnerability Database

CVE-2023-30857

Good to know:

Date: April 28, 2023

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.

Language: TYPE_SCRIPT

Severity Score

3.7

Related Resources (4)

Url: https://github.com/aedart/ion/security/advisories/GHSA-wwxh-74fx-33c6

Url: https://github.com/aedart/ion/commit/c3e2ee08710d4164d796ecb66ed291335dae9291

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30857

Url: https://www.mend.io/vulnerability-database/CVE-2023-30857

Severity Score

3.7

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version @aedart/support - 0.6.1

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30857

Good to know:

Date: April 28, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?