CVE-2023-3696
CRITICAL10.0EPSS 0.46%Prototype Pollution in automattic/mongoose
發布日:2023/7/17修改日:2025/5/20
描述
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.
受影響套件(2)
- Bitnami/mongoosefrom 0, < 5.13.20, >= 6.0.0, < 6.11.3, >= 7.0.0, < 7.3.4
- npm/mongoose>= 7.0.0, < 7.3.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-3696
- PATCHhttps://github.com/Automattic/mongoose
- WEBhttps://github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d
- WEBhttps://github.com/Automattic/mongoose/commit/e29578d2ec18a68aeb4717d66dd5eb66bae53de1
- WEBhttps://github.com/Automattic/mongoose/commit/f1efabf350522257364aa5c2cb36e441cf08f1a2
- WEBhttps://github.com/Automattic/mongoose/releases/tag/7.3.3
- WEBhttps://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467