Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-17T22:37:20.249Z
Updated: 2023-10-17T22:37:20.249Z
Reserved: 2023-10-13T12:00:50.437Z
Link: CVE-2023-45811
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-17T23:15:12.487
Modified: 2023-10-25T13:33:35.367
Link: CVE-2023-45811
JSON object: View
Redhat Information
No data.
CWE