Lucene search
SnykCVELIST:CVE-2021-23329HistoryJan 31, 2021 - 3:25 p.m.
CVE-2021-23329 Prototype Pollution
2021-01-3115:25:14
snyk
www.cve.org
cve-2021-23329
prototype pollution
default function
poc
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
41.8%
The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
CNA Affected
[
{
"product": "nested-object-assign",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-23329
2021-01-31 16:15:12
cve
cve
CVE-2021-23329
2021-01-31 16:15:12
huntr
huntr
Prototype Pollution in geta/nestedobjectassign
2021-01-28 00:00:00
prion
prion
Default credentials
2021-01-31 16:15:00
osv
osv
CVE-2021-23329
2021-01-31 16:15:12
Prototype pollution in nested-object-assign
2021-02-01 15:01:14
github
github
Prototype pollution in nested-object-assign
2021-02-01 15:01:14
veracode
veracode
Prototype Pollution
2021-02-01 02:09:21
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
41.8%
Related for CVELIST:CVE-2021-23329