Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype pollution vulnerability leading to arbitrary code execution in synchrony deobfuscator
Vulnerability Description
Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
CWE-1321
Vulnerability Title
synchrony 安全漏洞
Vulnerability Description
synchrony是relative个人开发者的一款 javascript-obfuscator 清理器和反混淆器。 synchrony v2.4.4之前版本存在安全漏洞,该漏洞源于存在原型污染漏洞。攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A