Security Advisory

CVE-2021-43852

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-04 19:40:10

Last updated 2025-04-23 19:15:19

Assigner GitHub_M

State PUBLISHED

Description

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__` , `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.

← Browse all CVEs View on cve.org ↗