CVE-2023-30363: Prototype Pollution in vConsole

April 26, 2023 (updated May 5, 2023)

vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts.

References

cwe.mitre.org/data/definitions/1321.html
github.com/Tencent/vConsole/issues/616
github.com/advisories/GHSA-f737-3fh6-jf6w
nvd.nist.gov/vuln/detail/CVE-2023-30363

Detect and mitigate CVE-2023-30363 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →