Lucene search
PRIOn knowledge basePRION:CVE-2021-21297HistoryFeb 26, 2021 - 5:15 p.m.
Design/Logic Flaw
2021-02-2617:15:00
PRIOn knowledge base
www.prio-n.com
1
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.
Related
nvd
nvd
CVE-2021-21297
2021-02-26 17:15:12
github
github
Prototype Pollution in Node-Red
2021-02-26 16:31:05
osv
osv
Prototype Pollution in Node-Red
2021-02-26 16:31:05
CVE-2021-21297
2021-02-26 17:15:12
nodejs
nodejs
Prototype Pollution
2021-02-26 16:26:58
cve
cve
CVE-2021-21297
2021-02-26 17:15:12
veracode
veracode
Prototype Pollution
2021-03-01 09:31:59
cvelist
cvelist
CVE-2021-21297 Prototype Pollution in Node-Red
2021-02-26 16:20:17