Advisory 2023-06/07 Prototype Pollution Vulnerability in Async Module

Vulnerability type: Prototype Pollution

Severity factors: This vulnerability has a CVSS score of 7.8 with a high severity rating.

Versions affected: FileCloud Versions 22.1 and earlier

Version fixed: FileCloud Version 23.1 and later

Description

Versions of async earlier than 3.2.2 could have enabled a malicious actor to modify attributes of an object prototype.

These vulnerabilities have been fixed in FileCloud version 23.1.0.22595, which upgrades async to a version above 3.2.3.

What you should do to fix this vulnerability

  • If you are using FileCloud Server, it is recommended that you update to the latest version, which is 23.1.0.22595 or greater. This will resolve the issue.
  • If you are using FileCloud Online, your site has already been updated to the latest version.

If you have any questions about this advisory, please contact FileCloud support.