Lucene search
PRIOn knowledge basePRION:CVE-2021-23406HistoryAug 24, 2021 - 8:15 a.m.
Input validation
2021-08-2408:15:00
PRIOn knowledge base
www.prio-n.com
5
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pac-resolver | lt | 5.0.0 |
References
github.com/TooTallNate/node-degenerator/commit/9d25bb67d957bc2e5425fea7bf7a58b3fc64ff9e
github.com/TooTallNate/node-degenerator/commit/ccc3445354135398b6eb1a04c7d27c13b833f2d5
github.com/TooTallNate/node-pac-resolver/releases/tag/5.0.0
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1568506
snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
Related
redhatcve
redhatcve
CVE-2021-23406
2021-08-26 17:00:39
nodejs
nodejs
Code Injection
2021-09-20 18:55:08
osv
osv
CVE-2021-23406
2021-08-24 08:15:18
Code Injection in pac-resolver
2021-09-02 17:10:06
nvd
nvd
CVE-2021-23406
2021-08-24 08:15:18
thn
thn
Critical Bug Reported in NPM Package With Millions of Downloads Weekly
2021-09-13 13:48:00
ibm
ibm
cve
cve
CVE-2021-23406
2021-08-24 08:15:18
veracode
veracode
Remote Code Execution
2021-08-25 06:15:52
cvelist
cvelist
CVE-2021-23406 Remote Code Execution (RCE)
2021-08-24 00:00:00
github
github
Code Injection in pac-resolver
2021-09-02 17:10:06