CVE-2021-23440 - OpenCVE

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Communications Cloud Native Core Policy
Set-value Project	Set-value

Configuration 1 [-]

OR	cpe:2.3:a:set-value_project:set-value::::::node.js::*
	cpe:2.3:a:set-value_project:set-value::::::node.js::*

Configuration 2 [-]

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452	Patch Third Party Advisory
https://github.com/jonschlinkert/set-value/pull/33	Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212	Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541	Exploit Third Party Advisory
https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/	Exploit Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2021-09-12T00:00:00

Updated: 2022-02-07T14:41:48

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23440

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-12T13:15:07.383

Modified: 2022-03-29T16:39:42.710

Link: CVE-2021-23440

JSON object: View

Redhat Information

No data.

CWE

CWE-843

{"containers": {"cna": {"affected": [{"product": "set-value", "vendor": "n/a", "versions": [{"status": "affected", "version": "<2.0.1"}, {"status": "affected", "version": ">=3.0.0 <4.0.1"}]}], "credits": [{"lang": "en", "value": "Alessio Della Libre"}, {"lang": "en", "value": "ready-research"}], "datePublic": "2021-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Prototype Pollution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T14:41:48", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452"}, {"tags": ["x_refsource_MISC"], "url": "https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/jonschlinkert/set-value/pull/33"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "title": "Prototype Pollution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-09-12T12:51:31.094191Z", "ID": "CVE-2021-23440", "STATE": "PUBLIC", "TITLE": "Prototype Pollution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "set-value", "version": {"version_data": [{"version_value": "<2.0.1"}, {"version_value": ">=3.0.0 <4.0.1"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Alessio Della Libre"}, {"lang": "eng", "value": "ready-research"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Prototype Pollution"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212"}, {"name": "https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452", "refsource": "MISC", "url": "https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452"}, {"name": "https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/", "refsource": "MISC", "url": "https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/"}, {"name": "https://github.com/jonschlinkert/set-value/pull/33", "refsource": "MISC", "url": "https://github.com/jonschlinkert/set-value/pull/33"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23440", "datePublished": "2021-09-12T00:00:00", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2022-02-07T14:41:48", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:set-value_project:set-value:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "DCB6675E-2AC8-41C4-BC11-023E5E61AAF6", "versionEndExcluding": "2.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:set-value_project:set-value:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7DB12963-7C6C-4751-B75E-952E6A490239", "versionEndExcluding": "4.0.1", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays."}, {"lang": "es", "value": "Esto afecta al paquete set-value anterior a la versi\u00f3n 2.0.1, posterior o igual a la versi\u00f3n 3.0.0 y anterior a la versi\u00f3n 4.0.1. Una vulnerabilidad de confusi\u00f3n de tipos puede conducir a una derivaci\u00f3n de CVE-2019-10747 cuando las claves proporcionadas por el usuario utilizadas en el par\u00e1metro de ruta son matrices"}], "id": "CVE-2021-23440", "lastModified": "2022-03-29T16:39:42.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-09-12T13:15:07.383", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jonschlinkert/set-value/pull/33"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}]}