3 matches found
@ayk/registry (=1.0.0), @cag-group/google-api-tools (=0.3.1) +339 more potentially affected by CVE-2021-25945 via js-extend (>=0.0.1 <=1.0.1)
js-extend NPM version =0.0.1, =0.6.2, =2.1.12, =1.0.2, =3.4.1, =17.0.0, =1.0.0, =0.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2021-25945 Source advisory: OSV:GHSA-MH82-55CM-6GFH...
CVE-2021-25945
Prototype pollution vulnerability in 'js-extend' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25945
CVE-2021-25945 affects the npm module js-extend (versions 0.0.1–1.0.1). A prototype pollution flaw is described as enabling denial of service and potentially remote code execution. The connected sources reiterate the vulnerability and recommend avoiding js-extend, but no concrete patch/version is...