IBM X-Force ID: 220063 Unset-value HIGH Severity Vulnerability #2641

Closed
1 task
himsgupta1122 opened this issue Oct 21, 2022 · 0 comments · Fixed by #2640
Labels
bug Something isn't working cve Security vulnerabilities detected by Dependabot or Mend

Comments

himsgupta1122 (Contributor) commented Oct 21, 2022

Describe the bug
Potential issue with OpenSearch Dashboard image (2.3.0) and discovered the following issues:
Node.js unset-value module is vulnerable to a denial of service, caused by a prototype pollution flaw in the unset function
in index.js. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote
attacker could exploit this vulnerability to cause a denial of service condition.

  • Unset Value: Image contains unset value package version 1.0.1 and this has been resolved with version 2.0.1 [No reference to the CVE found]
@himsgupta1122 himsgupta1122 added bug Something isn't working untriaged labels Oct 21, 2022
@himsgupta1122 himsgupta1122 changed the title Unset-value HIGH Severity Vulnerability IBM X-Force ID: 220063 Unset-value HIGH Severity Vulnerability Oct 21, 2022
@zhongnansu zhongnansu added the cve Security vulnerabilities detected by Dependabot or Mend label Oct 21, 2022
@kavilla kavilla removed the untriaged label Oct 24, 2022
@kavilla kavilla closed this as completed Oct 24, 2022
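
A defensive sketch of the flaw class described in the issue, added here as an example (not code from unset-value or OpenSearch Dashboards): a path-based unset helper that rejects `__proto__`, `constructor` and `prototype` segments and walks own properties only. The names `safeUnset`, `BLOCKED_KEYS` and the sample settings object are assumptions made for illustration.

```javascript
// Added illustration, not the unset-value source.
// `safeUnset` and `BLOCKED_KEYS` are hypothetical names.

// Path segments that can reach Object.prototype or a constructor's prototype.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

/**
 * Delete the property at a dot-separated `path` (or array of keys) in `target`.
 * Returns true if an own property was removed, false if nothing matched.
 * Throws on a blocked segment so the caller can log and reject the input.
 */
function safeUnset(target, path) {
  if (target === null || typeof target !== 'object') {
    throw new TypeError('target must be an object');
  }
  const keys = Array.isArray(path) ? path.map(String) : String(path).split('.');
  for (const key of keys) {
    if (BLOCKED_KEYS.has(key)) {
      throw new RangeError(`refusing unsafe path segment: ${key}`);
    }
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    // Walk own properties only, never inherited ones.
    if (!hasOwn(node, key)) return false;
    node = node[key];
    if (node === null || typeof node !== 'object') return false;
  }
  const last = keys[keys.length - 1];
  if (!hasOwn(node, last)) return false;
  return delete node[last];
}

// Constructed sample input: a settings object and caller-supplied paths.
function demo() {
  const settings = { ui: { theme: 'dark', lang: 'en' } };
  const paths = ['ui.theme', 'ui.missing', '__proto__.theme', 'ui.constructor.theme'];
  const results = paths.map((p) => {
    try {
      return [p, safeUnset(settings, p)];
    } catch (err) {
      return [p, err.name]; // blocked segments surface as RangeError
    }
  });
  return { settings, results };
}
```

Rejecting the path outright, rather than silently skipping the segment, gives the caller a distinct error to log when untrusted input carries one of these keys.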