JSON5 could allow unintended access to network services or have other
unspecified impact.
Software Description:
- node-json5: JSON for the ES5 era
Details:
It was discovered that the JSON5 parse method incorrectly handled the parsing
of keys named __proto__. An attacker could possibly use this issue to pollute
the prototype of the returned object, setting arbitrary or unexpected keys, and
cause a denial of service, allow unintended access to network services or have
other unspecified impact, depending on the application's use of the module.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
node-json5 2.2.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
node-json5 0.5.1-3ubuntu0.1
Ubuntu 18.04 LTS
node-json5 0.5.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you may need to restart any services that use
the library to make all the necessary changes.https://ubuntu.com/security/notices/USN-6758-1
CVE-2022-46175
Get the latest Linux and open source security news straight to your inbox.