Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affecting chromium-browser package, versions *
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1804-CHROMIUMBROWSER-3188955
- published 5 Jan 2023
- disclosed 25 Dec 2022
Introduced: 25 Dec 2022
CVE-2020-36632 Open this link in a new tabHow to fix?
There is no fixed version for Ubuntu:18.04 chromium-browser.
NVD Description
Note: Versions mentioned in the description apply only to the upstream chromium-browser package and not the chromium-browser package as distributed by Ubuntu.
See How to fix? for Ubuntu:18.04 relevant fixed versions and status.
A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 is able to address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-36632
- https://github.com/hughsk/flat/pull/106
- https://vuldb.com/?ctiid.216777
- https://vuldb.com/?id.216777
- https://github.com/hughsk/flat/issues/105
- https://github.com/hughsk/flat/releases/tag/5.0.1
- https://github.com/hughsk/flat/commit/20ef0ef55dfa028caddaedbcb33efbdb04d18e13