GitHub Advisory DatabaseGHSA-XVCH-5GV4-984HPrototype Pollution in minimist
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
References
github.com/advisories/GHSA-xvch-5gv4-984h
github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703
github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb
github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d
github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11
github.com/minimistjs/minimist/commits/v0.2.4
github.com/minimistjs/minimist/issues/11
github.com/minimistjs/minimist/pull/24
github.com/substack/minimist/blob/master/index.js#L69
github.com/substack/minimist/issues/164
nvd.nist.gov/vuln/detail/CVE-2021-44906
snyk.io/vuln/SNYK-JS-MINIMIST-559764
stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.3%