The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-12-23T23:03:51.372448Z
Updated: 2024-09-17T02:31:34.138Z
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25948
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-12-22T05:15:10.487
Modified: 2022-12-30T22:00:48.180
Link: CVE-2022-25948
Redhat
No data.