this post was submitted on 23 Nov 2024
1 points (100.0% liked)

Technical Information Security Content & Discussion

8 readers
1 users here now

/r/netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to...

founded 1 year ago
MODERATORS
[email protected]
1
Prototype Pollution in NASAs Open MCT CVE-2023-45282 (visionspace.com)
submitted 2 days ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
The original post: /r/netsec by /u/andy-codes on 2024-11-22 20:37:06.

In the article, I discuss a prototype pollution vulnerability (CVE-2023-45282) found in NASA's Open MCT. This flaw in JavaScript allows attackers to alter object prototypes, potentially leading to serious outcomes like privilege escalation or remote code execution (RCE). I explain how the vulnerability occurs in the "Import from JSON" feature, which can crash the application or lead to more dangerous exploits. Fortunately, NASA responded quickly to fix the issue, but it highlights the importance of securing deep merge operations in JavaScript.

This security research was originally published at VisionSpace Blog (https://visionspace.com/prototype-pollution-in-nasas-open-mct-cve-2023-45282/).

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here