Vulnerability Details : CVE-2022-1295
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.
Products affected by CVE-2022-1295
- cpe:2.3:a:fullpage_project:fullpage:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1295
- 0.24%: Probability of exploitation activity in the next 30 days
- ~ 62%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1295
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 | huntr.dev | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-1295
- The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
  Assigned by: security@huntr.dev (Primary)
References for CVE-2022-1295
- https://github.com/alvarotrigo/fullpage.js/commit/bf62492a22e5d296e63c3ed918a42fc5645a0d48
  Merge pull request #4351 from alvarotrigo/dev · alvarotrigo/fullPage.js@bf62492 · GitHub (Patch; Third Party Advisory)
- https://huntr.dev/bounties/3b9d450c-24ac-4037-b04d-4d4dafbf593a
  Prototype Pollution vulnerability found in fullpage.js (Exploit; Third Party Advisory)