CVE-2023-45811
- Reference to the description:
- Description:
- Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `[email protected]`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags
- Last updated date:
- 10/25/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/25/2023
- Reference url to background
https://github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx