Advisory 2023-06/04 Prototype Pollution of Object Returned by JSON5
| Vulnerability type | Prototype Pollution |
| Severity factors | This vulnerability has a CVSS score of 8.8 with a high severity rating. |
| Versions affected | FileCloud Versions 22.1 and earlier |
| Version fixed | FileCloud Version 23.1 and later |
Description
In the version of a JSON5 package used in FileCloud, attributes on prototype objects could have been maliciously modified, causing prototype pollution.
Fix
This vulnerabilities has been fixed in FileCloud version 23.1.0.22595.
What you should do to fix this vulnerability
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 23.1.0.22595 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.