CVE-2023-0163 Vulnerability Details

  /     /     /  

CVE-2023-0163 Metadata Quick Info

CVE Published: 26/11/2024 | CVE Updated: 27/11/2024 | CVE Year: 2023
Source: mozilla | Vendor: Mozilla | Product: Convict
Status : PUBLISHED

---

CVE-2023-0163 Description

Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\') vulnerability in Mozilla Convict. This allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash. The main use case of Convict is for handling server-side configurations written by the admins owning the servers, and not random users. So it\'s unlikely that an admin would deliberately sabotage their own server. Still, a situation can happen where an admin not knowledgeable about JavaScript could be tricked by an attacker into writing the malicious JavaScript code into some config files. This issue affects Convict: before 6.2.4.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1321
CWE Name: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ( Prototype Pollution )
Source: Mozilla

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).