CVE Vulnerabilities

CVE-2019-10798

Published: Feb 24, 2020 | Modified: Mar 05, 2020
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.

Affected Software

Name Vendor Start Version End Version
Rdf-graph-array Rdf-graph-array_project 0.3.0 (including) 0.3.0 (including)
Rdf-graph-array Rdf-graph-array_project 0.3.0-rc1 (including) 0.3.0-rc1 (including)
Rdf-graph-array Rdf-graph-array_project 0.3.0-rc6 (including) 0.3.0-rc6 (including)

References