Lucene search
GoogleOSV:CVE-2021-21304HistoryFeb 08, 2021 - 6:15 p.m.
CVE-2021-21304
2021-02-0818:15:13
Google
osv.dev
6
dynamoose
prototype pollution
vulnerability
version 2.0.0
version 2.7.0
patch
Dynamoose is an open-source modeling tool for Amazon’s DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method “lib/utils/object/set.ts”. This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.
Related
github
github
Prototype Pollution in Dynamoose
2021-02-08 17:44:01
osv
osv
Prototype Pollution in Dynamoose
2021-02-08 17:44:01
nodejs
nodejs
Prototype Pollution
2021-02-22 17:14:57
prion
prion
Design/Logic Flaw
2021-02-08 18:15:00
veracode
veracode
Prototype Pollution
2021-02-09 06:39:21
cve
cve
CVE-2021-21304
2021-02-08 18:15:13
cvelist
cvelist
CVE-2021-21304 Prototype Pollution in Dynamoose
2021-02-08 17:40:17
nvd
nvd
CVE-2021-21304
2021-02-08 18:15:13