CVE-2021-25953

2021-07-1410:34:46

Mend

www.cve.org

prototype pollution

putil-merge

denial of service

remote code execution

vulnerability

AI Score

9.8

Confidence

High

EPSS

0.007

Percentile

81.0%

JSON

Prototype pollution vulnerability in ‘putil-merge’ versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.

CNA Affected

[
  {
    "product": "putil-merge",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.6.6, 3.6.5, 3.6.4, 3.6.3, 3.6.2, 3.6.1, 3.6.0, 3.5.2, 3.5.1, 3.5.0, 3.4.2, 3.4.1, 3.3.0, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.0, 2.2.0, 2.1.0, 2.0.2, 2.0.1, 2.0.0, 1.2.0, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.2, 1.0.1, 1.0.0"
      }
    ]
  }
]

References

www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25953