CVE-2022-22912

Published February 17th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.

TooTallNate/plist.js

Apple property list parser/builder for Node.js and browsers — supports XML, binary (bplist), and OpenStep formats

GitHub

599