CVE-2021-43852: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
(updated )
OroPlatform is a PHP Business Application Platform. an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that is vulnerable to Prototype Pollution. This issue has been patched Users unable to upgrade may configure a firewall to drop requests containing next strings: __proto__
, constructor[prototype]
, and constructor.prototype
to mitigate this issue.
References
Detect and mitigate CVE-2021-43852 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →