CVE-2023-45811
CVSS V2 None
CVSS V3 None
Description
Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags
Overview
- CVE ID
- CVE-2023-45811
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-10-17T22:37:20.249Z
- Last Modified Date
- 2023-10-17T22:37:20.249Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx | x_refsource_CONFIRM |
| https://github.com/relative/synchrony/commit/b583126be94c4db7c5a478f1c5204bfb4162cf40 | x_refsource_MISC |
| https://github.com/relative/synchrony/security/advisories/src/transformers/literalmap.ts | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-45811 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45811 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 10:30:30 | Added to TrackCVE |