CVE-2023-0163
CVSS 3.1 Score 8.4 of 10 (high)
Details
Published Nov 26, 2024
Updated: Nov 27, 2024
CWE ID 1321
Summary
CVE-2023-0163 is a prototype pollution vulnerability in Mozilla Convict, an open-source library for handling server-side configuration. It lets an attacker inject or override attributes on object prototypes, potentially leading to crashes. Convict is primarily used to manage configuration written by server administrators; however, a less knowledgeable administrator could inadvertently introduce malicious JavaScript code, opening the application to attack. The issue was resolved in Convict version 6.2.4.
Affected Vendors
- Mozilla