4 matches found
a6s-railway (>=0.2.0 <=0.2.3), fbl (>=1.5.0 <=1.15.0) potentially affected by CVE-2021-25914 via object-collider (=1.0.3)
object-collider NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on object-collider and may be impacted: - a6s-railway =0.2.0, =1.5.0, =1.15.0 Source cves: CVE-2021-25914 Source advisory: OSV:GHSA-85G2-29M8-QF2P...
CVE-2021-25914
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25914
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25914
The CVE-2021-25914 entry concerns the open-source library object-collider, affected in versions 1.0.0–1.0.3. The underlying issue is a prototype-pollution vulnerability that allows an attacker to cause a denial of service and may lead to remote code execution. Public references consistently descr...