Home > Vulnerability Database > CVE-2023-30857

Mend.io Vulnerability Database

CVE-2023-30857

Good to know:

Date: April 28, 2023

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version "0.6.1", there is a possible prototype pollution issue for the "MetadataRecord", when merged with a base class' metadata object, in "meta" decorator from the "@aedart/support" package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via "meta()". Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version "0.6.1".

Language: TYPE_SCRIPT

Severity Score

3.7

Related Resources (5)

Url: https://github.com/aedart/ion/security/advisories/GHSA-wwxh-74fx-33c6

Url: https://github.com/aedart/ion/commit/c3e2ee08710d4164d796ecb66ed291335dae9291

Url: https://github.com/aedart/ion

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30857

Url: https://www.mend.io/vulnerability-database/CVE-2023-30857

Severity Score

3.7

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version @aedart/support - 0.6.1

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30857

Good to know:

Date: April 28, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?