CVE-2021-23413

🗓️ 25 Jul 2021 13:10:12Reported by snykType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 124 Views

CVE-2021-23413 affects jszip before 3.7.0. Crafting zip with prototype values results in modified prototype instance

Reporter	Title	Published	Views	Family All 29
IBM Security Bulletins	Security Bulletin: User Entity Behavior Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	28 Jan 202615:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Integration is vulnerable to jzsip (CVE-2021-23413)	15 Oct 202113:07	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202318:40	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Apache Derby, IBM Operations Analytics - Log Analysis is affected by Improperly Controlled Modification	30 Sep 202511:31	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.	23 Feb 202609:25	–	ibm
ATTACKERKB	CVE-2021-23413	25 Jul 202113:09	–	attackerkb
Circl	CVE-2021-23413	25 Jul 202116:39	–	circl
CNNVD	jszip 安全漏洞	25 Jul 202100:00	–	cnnvd
Cvelist	CVE-2021-23413 Denial of Service (DoS)	25 Jul 202113:10	–	cvelist
Debian CVE	CVE-2021-23413	25 Jul 202113:10	–	debiancve

NVD

Node

jszip_project jszipRange<3.7.0node.js

[
  {
    "product": "jszip",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "3.7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
github	www.github.com/Stuk/jszip/blob/master/lib/object.js%23L88
snyk	www.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1251499
snyk	www.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1251498
github	www.github.com/Stuk/jszip/pull/766
snyk	www.snyk.io/vuln/SNYK-JS-JSZIP-1251497

21 Nov 2024 05:51Current

5Medium risk

Vulners AI Score5

CVSS 25

CVSS 3.15.3

EPSS0.01214