Lucene search
Veracode Vulnerability DatabaseVERACODE:29534HistoryMar 01, 2021 - 9:31 a.m.
Prototype Pollution
2021-03-0109:31:59
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
34.5%
node-red is vulnerable to prototype pollution. It does not make sure to prevent unauthorized user to access the editor url, allowing an attacker to send a badly formed request to modify the Node-RED runtime behaviour.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @node-red/editor-api | le | 1.2.7 | |
| @node-red/runtime | le | 1.2.7 | |
| @node-red/editor-api | le | 1.2.7 | |
| @node-red/runtime | le | 1.2.7 |
Related
nvd
nvd
CVE-2021-21297
2021-02-26 17:15:12
github
github
Prototype Pollution in Node-Red
2021-02-26 16:31:05
osv
osv
Prototype Pollution in Node-Red
2021-02-26 16:31:05
CVE-2021-21297
2021-02-26 17:15:12
prion
prion
Design/Logic Flaw
2021-02-26 17:15:00
nodejs
nodejs
Prototype Pollution
2021-02-26 16:26:58
cve
cve
CVE-2021-21297
2021-02-26 17:15:12
cvelist
cvelist
CVE-2021-21297 Prototype Pollution in Node-Red
2021-02-26 16:20:17