Preface: Java is highly functional in several data science processes such as data analysis, including data import, data cleaning, deep learning, statistical analysis, Natural Language Processing (NLP), and data visualization.
Background: Open MCT Web is a platform for single-page applications that runs entirely in the browser. Most applications will also want to interact with server-side resources, for example to read telemetry data or store user-created objects. This interaction is handled by individual bundles using APIs that are supported in the browser (such as XMLHttpRequest, typically wrapped by Angular’s $http).
Vulnerability details: In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.
Ref: Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects.
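A common way imported JSON ends up on `Object.prototype` is a recursive merge that follows every key; the added example below shows that pattern next to a hardened version. It is not Open MCT's code, and the function names and the sample import string are constructed for illustration.

```javascript
// Constructed import file. JSON.parse creates "__proto__" as an own property,
// so the key survives parsing and reaches whatever code merges the data.
const SAMPLE_IMPORT = '{"name":"Imported folder","__proto__":{"polluted":true}}';

// Unsafe pattern: recursive merge that follows every key, including "__proto__".
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      // target["__proto__"] resolves to Object.prototype, so the recursion
      // below writes the imported properties onto the global prototype.
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: skip prototype-related keys and only descend into
// properties the target owns itself (never inherited ones).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (!hasOwn(target, key) || typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge over the sample import and reports whether an unrelated,
// freshly created object inherited the imported property.
function demo(merge) {
  merge({}, JSON.parse(SAMPLE_IMPORT));
  const polluted = ({}).polluted === true;
  delete Object.prototype.polluted; // restore the global prototype
  return polluted;
}
```

`demo(unsafeMerge)` returns `true` and `demo(safeMerge)` returns `false`; the same check (does a fresh `{}` carry a property nobody set on it) is a quick regression test for any import path.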
Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-45282