cvedb.io
CVE-2023-30857
LOW · CVSS 3.7
EPSS exploitation probability: 0%
Published 2023-04-28T21:15:09.127 · Last modified 2026-06-17T05:55:47.243

Summary

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.

Affected products

aedart — ion

Does this affect you?

Add your gear to cvedb and we'll alert you only when aedart ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.