Home > Vulnerability Database > CVE-2022-39357

Mend.io Vulnerability Database

CVE-2022-39357

Good to know:

Date: October 26, 2022

Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.

Language: PHP

Severity Score

9.8

Related Resources (7)

Url: https://github.com/wintercms/winter/commit/bce4b59584abf961e9400af3d7a4fd7638e26c7f

Url: https://github.com/wintercms/winter/commit/2a13faf99972e84c9661258f16c4750fa99d29a1

Url: https://github.com/wintercms/winter/releases/tag/v1.2.1

Url: https://github.com/wintercms/winter/security/advisories/GHSA-3fh5-q6fg-w28q

Url: https://github.com/wintercms/winter/releases/tag/v1.1.10

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39357

Url: https://www.mend.io/vulnerability-database/CVE-2022-39357

Severity Score

9.8

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version v1.1.10,v1.2.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39357

Good to know:

Date: October 26, 2022

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?