Lucene search
SnykCVELIST:CVE-2021-23426HistorySep 01, 2021 - 2:25 p.m.
CVE-2021-23426 Prototype Pollution
2021-09-0114:25:10
snyk
www.cve.org
3
security vulnerability
package proto
object property injection
merge function
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
EPSS
0.001
Percentile
34.6%
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
CNA Affected
[
{
"product": "Proto",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Prototype Pollution
2021-09-02 01:44:44
nvd
nvd
CVE-2021-23426
2021-09-01 15:15:08
osv
osv
Prototype Pollution in Proto
2021-09-02 22:01:01
prion
prion
Design/Logic Flaw
2021-09-01 15:15:00
github
github
Prototype Pollution in Proto
2021-09-02 22:01:01
cve
cve
CVE-2021-23426
2021-09-01 15:15:08
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
EPSS
0.001
Percentile
34.6%
Related for CVELIST:CVE-2021-23426