Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-17T22:37:20.249Z

Updated: 2024-09-13T15:29:09.089Z

Reserved: 2023-10-13T12:00:50.437Z

Link: CVE-2023-45811

cve-icon Vulnrichment

Updated: 2024-08-02T20:29:32.516Z

cve-icon NVD

Status : Modified

Published: 2023-10-17T23:15:12.487

Modified: 2024-11-21T08:27:24.200

Link: CVE-2023-45811

cve-icon Redhat

No data.