{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T17:18:11.230","vulnerabilities":[{"cve":{"id":"CVE-2021-43852","sourceIdentifier":"security-advisories@github.com","published":"2022-01-04T20:15:07.730","lastModified":"2024-11-21T06:29:55.940","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. This issue has been patched in version 4.2.8. Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__` , `constructor[prototype]`, and `constructor.prototype` to mitigate this issue."},{"lang":"es","value":"OroPlatform es una plataforma de aplicaciones empresariales PHP. En las versiones afectadas, mediante el envío de una petición especialmente diseñada, un atacante podría inyectar propiedades en los prototipos de construcción del lenguaje JavaScript existentes, como los objetos. Posteriormente esta inyección podría conllevar a una ejecución de código JS por parte de las librerías que son vulnerables a una Contaminación de Prototipos. Este problema ha sido parcheado en la versión 4.2.8. Los usuarios que no puedan actualizar pueden configurar un firewall para que elimine las peticiones que contengan las siguientes cadenas \"__proto__\", \"constructor[prototype]\", y \"constructor.prototype\" para mitigar este problema"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.3},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.14","matchCriteriaId":"87F8B0EB-6235-4EA7-9D34-F2FDF469C1C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.8","matchCriteriaId":"2BB63725-D5A6-4440-BC10-A003B18ADF5B"}]}]}],"references":[{"url":"https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/oroinc/platform/commit/62c26936b3adee9c20255dcd9f8ee5c299b464a9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/oroinc/platform/security/advisories/GHSA-jx5q-g37m-h5hj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}