Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-17T22:37:20.249Z
Updated: 2024-09-13T15:29:09.089Z
Reserved: 2023-10-13T12:00:50.437Z
Link: CVE-2023-45811
Vulnrichment
Updated: 2024-08-02T20:29:32.516Z
NVD
Status : Modified
Published: 2023-10-17T23:15:12.487
Modified: 2024-11-21T08:27:24.200
Link: CVE-2023-45811
Redhat
No data.