Lucene search
@huntrdevCVELIST:CVE-2021-3918HistoryNov 13, 2021 - 12:00 a.m.
CVE-2021-3918 Prototype Pollution in kriszyp/json-schema
2021-11-1300:00:00
CWE-1321
@huntrdev
www.cve.org
7
json-schema
prototype pollution
cve-2021-3918
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.005
Percentile
76.9%
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
CNA Affected
[
{
"vendor": "kriszyp",
"product": "kriszyp/json-schema",
"versions": [
{
"version": "unspecified",
"lessThanOrEqual": "0.3.0",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
osv
osv
node-json-schema - security update
2022-12-07 00:00:00
CVE-2021-3918
2021-11-13 09:15:06
json-schema is vulnerable to Prototype Pollution
2021-11-19 20:16:17
ibm
ibm
mageia
mageia
Updated nodejs-json-schema packages fix security vulnerability
2022-12-14 01:09:19
nvd
nvd
CVE-2021-3918
2021-11-13 09:15:06
openvas
openvas
Ubuntu: Security Advisory (USN-6103-1)
2023-05-25 00:00:00
Mageia: Security Advisory (MGASA-2022-0463)
2022-12-14 00:00:00
Debian: Security Advisory (DLA-3228-1)
2022-12-07 00:00:00
debian
debian
[SECURITY] [DLA 3228-1] node-json-schema security update
2022-12-06 19:15:29
nessus
nessus
Debian DLA-3228-1 : node-json-schema - LTS security update
2022-12-07 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : JSON Schema vulnerability (USN-6103-1)
2023-05-24 00:00:00
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)
2022-02-22 00:00:00
ubuntucve
ubuntucve
CVE-2021-3918
2021-11-13 00:00:00
cve
cve
CVE-2021-3918
2021-11-13 09:15:06
prion
prion
Code injection
2021-11-13 09:15:00
veracode
veracode
Prototype Pollution
2021-11-15 04:42:48
ubuntu
ubuntu
JSON Schema vulnerability
2023-05-24 00:00:00
redhatcve
redhatcve
CVE-2021-3918
2021-11-18 18:01:43
cnvd
cnvd
json-schema has an unspecified vulnerability
2021-11-16 00:00:00
huntr
huntr
Prototype Pollution in kriszyp/json-schema
2021-10-03 13:08:43
debiancve
debiancve
CVE-2021-3918
2021-11-13 09:15:06
github
github
json-schema is vulnerable to Prototype Pollution
2021-11-19 20:16:17
suse
suse
Security update for nodejs12 (important)
2022-03-02 00:00:00
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
redhat
redhat
almalinux
almalinux
Moderate: nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
Moderate: nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
oraclelinux
oraclelinux
nodejs:16 security, bug fix, and enhancement update
2021-12-16 00:00:00
nodejs:14 security, bug fix, and enhancement update
2022-02-02 00:00:00
rocky
rocky
nodejs:16 security, bug fix, and enhancement update
2021-12-15 19:09:29
nodejs:14 security, bug fix, and enhancement update
2022-02-01 20:08:39
12 bug fix and enhancement update
2022-06-21 11:47:44
redos
redos
ROS-20240403-01
2024-04-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.005
Percentile
76.9%
Related for CVELIST:CVE-2021-3918