CVE-2023-45282: Prototype Pollution in NASA Open MCT

October 6, 2023 (updated October 9, 2023)

In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.

References

github.com/advisories/GHSA-4xcx-cwrq-w792
github.com/nasa/openmct/commit/2243381d527c0d84cc48e9ace78be7cda5363612
github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52
nasa.github.io/openmct/
nvd.nist.gov/vuln/detail/CVE-2023-45282

Code Behaviors & Features

Detect and mitigate CVE-2023-45282 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →