CVE-2022-21803 - OpenCVE

This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nconf Project	Nconf

Configuration 1 [-]

cpe:2.3:a:nconf_project:nconf:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/indexzero/nconf/pull/397	Issue Tracking Patch Third Party Advisory
https://github.com/indexzero/nconf/releases/tag/v0.11.4	Release Notes Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2632450	Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-NCONF-2395478	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2022-04-12T00:00:00

Updated: 2022-04-12T15:20:12

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-21803

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-12T16:15:08.480

Modified: 2022-04-20T14:07:04.747

Link: CVE-2022-21803

JSON object: View

Redhat Information

No data.

CWE

CWE-1321

{"containers": {"cna": {"affected": [{"product": "nconf", "vendor": "n/a", "versions": [{"lessThan": "0.11.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Alessio Della Libera of Snyk Research Team"}], "datePublic": "2022-04-12T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 6.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Prototype Pollution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-12T15:20:12", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-NCONF-2395478"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2632450"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/indexzero/nconf/pull/397"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/indexzero/nconf/releases/tag/v0.11.4"}], "title": "Prototype Pollution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-04-12T15:19:57.040836Z", "ID": "CVE-2022-21803", "STATE": "PUBLIC", "TITLE": "Prototype Pollution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "nconf", "version": {"version_data": [{"version_affected": "<", "version_value": "0.11.4"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Alessio Della Libera of Snyk Research Team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Prototype Pollution"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-NCONF-2395478", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-NCONF-2395478"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2632450", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2632450"}, {"name": "https://github.com/indexzero/nconf/pull/397", "refsource": "MISC", "url": "https://github.com/indexzero/nconf/pull/397"}, {"name": "https://github.com/indexzero/nconf/releases/tag/v0.11.4", "refsource": "MISC", "url": "https://github.com/indexzero/nconf/releases/tag/v0.11.4"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-21803", "datePublished": "2022-04-12T00:00:00", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2022-04-12T15:20:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nconf_project:nconf:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "AE5C38D2-0CAD-43B8-AF82-F0BCF53A921B", "versionEndExcluding": "0.11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set() function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to modify the properties on the Object.prototype."}, {"lang": "es", "value": "Esto afecta al paquete nconf versiones anteriores a 0.11.4. Cuando es usado el motor de memoria, es posible almacenar una representaci\u00f3n JSON anidada de la configuraci\u00f3n. La funci\u00f3n .set(), que es encargada de establecer las propiedades de la configuraci\u00f3n, es vulnerable a una contaminaci\u00f3n de prototipos. Al proporcionar una propiedad dise\u00f1ada, es posible modificar las propiedades en el Object.prototype"}], "id": "CVE-2022-21803", "lastModified": "2022-04-20T14:07:04.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-04-12T16:15:08.480", "references": [{"source": "report@snyk.io", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/indexzero/nconf/pull/397"}, {"source": "report@snyk.io", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/indexzero/nconf/releases/tag/v0.11.4"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2632450"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-NCONF-2395478"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}]}