<p>There is no fixed version for <code>Centos:8</code> <code>grafana-mysql</code>.</p>

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affecting grafana-mysql package, versions *

Threat Intelligence

0.17% (55^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-CENTOS8-GRAFANAMYSQL-3022061
published 13 Sep 2022
disclosed 7 Apr 2022

Report a new vulnerability Found a mistake?

Introduced: 7 Apr 2022

CVE-2021-43138 Open this link in a new tab CWE-1321 Open this link in a new tab

How to fix?

There is no fixed version for Centos:8 grafana-mysql.

NVD Description

Note: Versions mentioned in the description apply only to the upstream grafana-mysql package and not the grafana-mysql package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

Required

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affecting grafana-mysql package, versions *

Severity

Based on CentOS security rating