Vulnerability Details CVE-2021-23682
This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.4%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
- https://github.com/appwrite/appwrite/pull/2778
- https://github.com/appwrite/appwrite/releases/tag/0.11.1
- https://github.com/appwrite/appwrite/releases/tag/0.12.2
- https://github.com/litespeed-js/litespeed.js/pull/18
- https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
- https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
- https://github.com/appwrite/appwrite/pull/2778
- https://github.com/appwrite/appwrite/releases/tag/0.11.1
- https://github.com/appwrite/appwrite/releases/tag/0.12.2
- https://github.com/litespeed-js/litespeed.js/pull/18
- https://snyk.io/vuln/SNYK-JS-LITESPEEDJS-2359250
- https://snyk.io/vuln/SNYK-PHP-APPWRITESERVERCE-2401820
Products affected by CVE-2021-23682
-
cpe:2.3:a:appwrite:appwrite:-
-
cpe:2.3:a:appwrite:appwrite:0.1.13
-
cpe:2.3:a:appwrite:appwrite:0.1.15
-
cpe:2.3:a:appwrite:appwrite:0.10.0
-
cpe:2.3:a:appwrite:appwrite:0.10.1
-
cpe:2.3:a:appwrite:appwrite:0.10.2
-
cpe:2.3:a:appwrite:appwrite:0.10.3
-
cpe:2.3:a:appwrite:appwrite:0.10.4
-
cpe:2.3:a:appwrite:appwrite:0.11.0
-
cpe:2.3:a:appwrite:appwrite:0.12.0
-
cpe:2.3:a:appwrite:appwrite:0.12.1
-
cpe:2.3:a:appwrite:appwrite:0.2.0
-
cpe:2.3:a:appwrite:appwrite:0.3.0
-
cpe:2.3:a:appwrite:appwrite:0.4.0
-
cpe:2.3:a:appwrite:appwrite:0.5.0
-
cpe:2.3:a:appwrite:appwrite:0.5.1
-
cpe:2.3:a:appwrite:appwrite:0.5.2
-
cpe:2.3:a:appwrite:appwrite:0.5.3
-
cpe:2.3:a:appwrite:appwrite:0.6.0
-
cpe:2.3:a:appwrite:appwrite:0.6.1
-
cpe:2.3:a:appwrite:appwrite:0.6.2
-
cpe:2.3:a:appwrite:appwrite:0.7.0
-
cpe:2.3:a:appwrite:appwrite:0.7.1
-
cpe:2.3:a:appwrite:appwrite:0.7.2
-
cpe:2.3:a:appwrite:appwrite:0.8.0
-
cpe:2.3:a:appwrite:appwrite:0.9.0
-
cpe:2.3:a:appwrite:appwrite:0.9.1
-
cpe:2.3:a:appwrite:appwrite:0.9.2
-
cpe:2.3:a:appwrite:appwrite:0.9.3
-
cpe:2.3:a:appwrite:appwrite:0.9.4
-
cpe:2.3:a:litespeed.js_project:litespeed.js:-
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.0
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.1
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.2
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.3
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.4
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.5
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.6
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.7
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.1.8
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.1
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.2
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.3
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.4
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.5
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.6
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.7
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.8
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.2.9
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.0
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.1
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.10
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.11
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.2
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.3
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.5
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.6
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.7
-
cpe:2.3:a:litespeed.js_project:litespeed.js:0.3.9