CVE-2023-26139
Published: 01 August 2023
Summary
CVE-2023-26139 is a high-severity Prototype Pollution (CWE-1321) vulnerability in Underscore-Keypath Project Underscore-Keypath. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 34.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-2296
Vulnerability details
Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.