@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-28T20:37:41.391Z
Updated: 2024-08-02T14:37:15.508Z
Reserved: 2023-04-18T16:13:15.882Z
Link: CVE-2023-30857
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-28T21:15:09.127
Modified: 2024-11-21T08:00:59.107
Link: CVE-2023-30857
Redhat
No data.