#VU76520 Prototype pollution in mockery
Vulnerability identifier: #VU76520
Vulnerability risk: Critical
CVSSv3.1:
CVE-ID:
CWE-ID:
CWE-1321
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
mockery
Other software /
Other software solutions
Vendor: mockery
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to prototype pollution in the mockery.js script. A remote attacker can pass specially crafted input to the application to execute arbitrary code on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..
Vulnerable software versions
mockery: All versions
CPE
External links
http://github.com/mfncooper/mockery/blob/822f0566fd6d72af8c943ae5ca2aa92e516aa2cf/mockery.js#L119
http://github.com/mfncooper/mockery/blob/822f0566fd6d72af8c943ae5ca2aa92e516aa2cf/mockery.js#L62
http://github.com/mfncooper/mockery/issues/77
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
