CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-1728

Malicious code in bioql PyPI...

7.8CVSS7.1AI score0.03372EPSS

Exploits1References21

BDU FSTEC•added 2024/04/04 12:0 a.m.•3 views

The vulnerability of the mapValues() function in the Async utility module allows for unauthorized access to asynchronous JavaScript operations, enabling attackers to gain increased privileges.

The vulnerability of the mapValues function in the Async utility module, which is used for handling asynchronous JavaScript operations, is related to improperly controlled modifications of object prototype attributes. Exploiting this vulnerability can allow a remote attacker to gain increased...

7.8CVSS6.8AI score0.03372EPSS

Exploits1References8Affected Software2

SUSE CVE•added 2023/02/15 3:37 a.m.•2 views

SUSE CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

7.8CVSS8.7AI score0.03372EPSS

Exploits1References18

RedhatCVE•added 2022/09/13 8:13 a.m.•42 views

CVE-2021-43138

A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues method...

7.8CVSS5.4AI score0.03372EPSS

Exploits1References4

Veracode•added 2022/04/07 4:36 a.m.•54 views

Prototype Pollution

async is vulnerable to prototype pollution. An attacker is able to inject malicious property types via mapValues method and gain unintended privileges due to prototype pollution vulnerability...

7.8CVSS5.2AI score0.03372EPSS

Exploits1References12Affected Software5

OSV•added 2022/04/07 12:0 a.m.•0 views

GHSA-FWR7-V2MV-HH25 Prototype Pollution in async

A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...

7.8CVSS6.8AI score0.03372EPSS

Exploits1References15

Github Security Blog•added 2022/04/07 12:0 a.m.•77 views

Prototype Pollution in async

A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x fixed in 3.2.2 and 2.6.4, which could let a malicious user obtain privileges via the mapValues method...

7.8CVSS4.7AI score0.03372EPSS

Exploits1References15Affected Software1

NVD•added 2022/04/06 5:15 p.m.•26 views

CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

7.8CVSS0.03372EPSS

Exploits1References10

Prion•added 2022/04/06 5:15 p.m.•33 views

Design/Logic Flaw

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

6.8CVSS8.5AI score0.03372EPSS

Exploits1References9Affected Software2

CVE•added 2022/04/06 12:0 a.m.•286 views

CVE-2021-43138

CVE-2021-43138 affects Async (lib/iterator.js) where mapValues() enables prototype pollution via createObjectIterator, allowing a malicious user to obtain privileges. Affected: Async before 2.6.4 and 3.x before 3.2.2. Root cause: prototype pollution in Object prototype through pollution of mapVal...

7.8CVSS8.4AI score0.03372EPSS

Exploits1References10Affected Software1

Cvelist•added 2022/04/06 12:0 a.m.•26 views

CVE-2021-43138

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues method, aka lib/internal/iterator.js createObjectIterator prototype pollution...

8.8AI score0.03372EPSS

Exploits1References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by