How severe is CVE-2023-30857?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2023-30857?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2023-30857 - LOW Severity | CVSS 3.7

Vulnerability Description

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.

Related Vulnerabilities

CVE-2019-10806

MEDIUM

CVSS:4.3(Medium)

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

CWE-13212019

CVE-2021-23408

MEDIUM

CVSS:4.3(Medium)

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using ...

CWE-13212021

CVE-2024-45277

MEDIUM

CVSS:4.3(Medium)

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. Th...

CWE-13212024

CVE-2024-2495

MEDIUM

CVSS:4.4(Medium)

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of ...

CWE-13212024

CVE-2020-7600

MEDIUM

CVSS:5.3(Medium)

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused ...

CWE-13212020

CVE-2020-7608

MEDIUM

CVSS:5.3(Medium)

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CWE-13212020