js · @deepstream/server · Critical
@deepstream/server <=10.0.4: Prototype Pollution Privilege Escalation
Prototype pollution vulnerability in deepstream server versions <=10.0.4.
What changed
Prototype pollution vulnerability in deepstream server versions <=10.0.4 allows privilege escalation from any authenticated user with write permission to any record.
Who this affects
All users of deepstream/server versions <=10.0.4, especially those with authenticated users having write permissions.
What to do today
Upgrade to version 10.0.5, or apply a workaround that filters out messages containing `__proto__`, `constructor` or `prototype` path segments or keys before they reach the server's message pipeline.
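One way to implement the interim filter described above, as an added example that is not deepstream's own code: it rejects a record write whose dotted path or nested data contains any of the three dangerous keys. The message shape `{ name, path, data }` is a simplified stand-in for a record write and is an assumption; real deepstream message fields are not modelled here. Sample messages are constructed for the demonstration.

```javascript
// Added example, not part of deepstream. Assumption: a record write arrives
// as { name, path, data }, where `path` is a dotted path inside the record
// and `data` is JSON-parsed client input. Adapt the field names to the real
// message format when wiring this in front of the message pipeline.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 64;

// Split a dotted / bracketed path such as "a.b[0].c" into its segments.
function pathSegments(path) {
  if (typeof path !== 'string') return [];
  return path.split(/[.\[\]]/).filter(Boolean);
}

// Walk parsed JSON and report whether any own key is a forbidden name.
// Object.keys() sees a JSON-parsed "__proto__" as an ordinary own property,
// which is exactly the case a pollution payload relies on.
function hasForbiddenKey(value, depth = 0) {
  if (depth > MAX_DEPTH) return true; // treat pathological nesting as unsafe
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) {
    return value.some((item) => hasForbiddenKey(item, depth + 1));
  }
  for (const key of Object.keys(value)) {
    if (FORBIDDEN_KEYS.has(key)) return true;
    if (hasForbiddenKey(value[key], depth + 1)) return true;
  }
  return false;
}

// A write is safe only if neither the path nor the payload names a forbidden key.
function isSafeRecordWrite(msg) {
  if (pathSegments(msg.path).some((seg) => FORBIDDEN_KEYS.has(seg))) return false;
  return !hasForbiddenKey(msg.data);
}

// Partition a batch of incoming writes; rejected ones should be logged and dropped.
function filterRecordWrites(messages) {
  const accepted = [];
  const rejected = [];
  for (const msg of messages) {
    (isSafeRecordWrite(msg) ? accepted : rejected).push(msg);
  }
  return { accepted, rejected };
}

// Constructed sample traffic. JSON.parse is used so that "__proto__" becomes
// an own key, as it would from a network payload (an object literal would not).
const SAMPLE_WRITES = [
  { name: 'users/alice', path: 'profile.displayName', data: 'Alice' },
  { name: 'users/alice', path: 'tags', data: ['reader', { weight: 1 }] },
  { name: 'users/alice', path: 'permissions.__proto__', data: { isAdmin: true } },
  { name: 'users/alice', path: 'profile', data: JSON.parse('{"__proto__":{"isAdmin":true}}') },
  { name: 'users/alice', path: 'profile', data: JSON.parse('{"constructor":{"prototype":{"isAdmin":true}}}') },
];

function demo() {
  const { accepted, rejected } = filterRecordWrites(SAMPLE_WRITES);
  for (const msg of rejected) {
    console.log(`rejected write to ${msg.name} at path "${msg.path}"`);
  }
  return { accepted: accepted.length, rejected: rejected.length };
}

module.exports = { FORBIDDEN_KEYS, pathSegments, hasForbiddenKey, isSafeRecordWrite, filterRecordWrites, SAMPLE_WRITES, demo };
```

The check inspects own keys only, so an ordinary record whose value happens to inherit from `Object.prototype` passes; what it refuses is client-supplied input that names one of the three keys anywhere in the path or payload, which is the precondition for the pollution the advisory describes.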