[MAVEN:GHSA-QHXH-9HHX-6P7V] Prototype Pollution in GraphHopper
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
This affects the package com.graphhopper:graphhopper-web-bundle
before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload.
Package | Affected Version |
---|---|
pkg:maven/com.graphhopper/graphhopper-web-bundle | < 3.2 |
Package | Fixed Version |
---|---|
pkg:maven/com.graphhopper/graphhopper-web-bundle | = 3.2 |
- ID
- MAVEN:GHSA-QHXH-9HHX-6P7V
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-qhxh-9hhx-6p7v
- Published
-
2021-08-02T16:59:35
(3 years ago) - Modified
-
2023-02-01T05:05:54
(19 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/com.graphhopper/graphhopper-web-bundle | com.graphhopper | graphhopper-web-bundle | < 3.2 | |||
Fixed | pkg:maven/com.graphhopper/graphhopper-web-bundle | com.graphhopper | graphhopper-web-bundle | = 3.2 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |