Vulnerability Description
Synchrony deobfuscator is a JavaScript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. The vulnerability lies in the `LiteralMap` transformer, where crafted input can modify properties on the Object prototype. A fix has been released in `synchrony@2.4.4`, and users are advised to upgrade. Users unable to upgrade should launch node with the `--disable-proto=delete` or `--disable-proto=throw` flag.
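As an added example (not Synchrony's own code and not the patched `LiteralMap` transformer), the Node script below shows the two defensive measures the advisory points at: a literal-map builder that keeps attacker-chosen keys off the prototype chain, and a probe that reports whether node was started with `--disable-proto=delete` or `--disable-proto=throw`. The function names, the `FORBIDDEN_KEYS` set and the sample inputs are assumptions constructed for this example.

```javascript
'use strict';

// Keys that reach the prototype chain when used on a plain object literal.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened literal-map builder (example code, not Synchrony's).
// Two layers of defence: the map has no prototype, so a "__proto__" key would
// be an ordinary own property rather than the inherited setter, and the
// forbidden names are rejected outright so crafted input cannot store them.
function safeBuildMap(entries) {
  const map = Object.create(null);
  for (const [key, value] of entries) {
    if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
      throw new TypeError(`refusing to map key ${JSON.stringify(key)}`);
    }
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      // Nested objects are rebuilt the same way, so the guard holds at every depth.
      map[key] = safeBuildMap(Object.entries(value));
    } else {
      map[key] = value;
    }
  }
  return map;
}

// Lookup that never falls through to inherited properties.
function lookup(map, key) {
  return Object.prototype.hasOwnProperty.call(map, key) ? map[key] : undefined;
}

// Reports which --disable-proto mode node was launched with by probing
// Object.prototype.__proto__: "delete" removes the accessor entirely,
// "throw" makes any access throw, and "enabled" is the default behaviour.
function disableProtoMode() {
  if (Object.getOwnPropertyDescriptor(Object.prototype, '__proto__') === undefined) {
    return 'delete';
  }
  try {
    void ({}).__proto__;
    return 'enabled';
  } catch (_) {
    return 'throw';
  }
}

// Post-condition a test harness can check after feeding untrusted input to a
// transformer: none of the probe names leaked onto plain objects.
function prototypeIsClean(probeKeys) {
  const plain = {};
  return probeKeys.every((k) => !(k in plain));
}

// Constructed sample inputs resembling what a literal-map transformer consumes.
const SAMPLE = [['a', 1], ['b', { c: 2 }]];
const CRAFTED = [['__proto__', { polluted: true }]];

function demo() {
  const m = safeBuildMap(SAMPLE);
  let rejected = false;
  try {
    safeBuildMap(CRAFTED);
  } catch (e) {
    rejected = e instanceof TypeError;
  }
  return {
    a: lookup(m, 'a'),
    c: lookup(lookup(m, 'b'), 'c'),
    ctor: lookup(m, 'constructor'),
    rejected,
    clean: prototypeIsClean(['polluted']),
    mode: disableProtoMode(),
  };
}

console.log(demo());
```

Run it once with plain `node` and once with `node --disable-proto=throw` to see the `mode` field change; the `clean` and `rejected` fields stay `true` either way, which is the property a regression test for this class of bug should assert.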
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Relative | Synchrony | >= 2.0.1, < 2.4.4 |
Related Weaknesses (CWE)
References
- https://github.com/relative/synchrony/commit/b583126be94c4db7c5a478f1c5204bfb416 (Patch)
- https://github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx (Exploit, Vendor Advisory)
- https://github.com/relative/synchrony/security/advisories/src/transformers/liter (Broken Link)
FAQ
What is CVE-2023-45811?
CVE-2023-45811 is a vulnerability with a CVSS score of 8.1 (HIGH). Synchrony deobfuscator is a JavaScript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. ...
How severe is CVE-2023-45811?
CVE-2023-45811 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-45811?
Check the references section above for vendor advisories and patch information. Affected products include: Relative Synchrony.