Lucene search
Veracode Vulnerability DatabaseVERACODE:35003HistoryApr 07, 2022 - 4:36 a.m.
Prototype Pollution
2022-04-0704:36:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
vulnerability
async
mapvalues
malicious property types
unintended privileges
EPSS
0.002
Percentile
54.3%
async is vulnerable to prototype pollution. An attacker is able to inject malicious property types via mapValues method and gain unintended privileges due to prototype pollution vulnerability.
References
github.com/caolan/async/blob/master/lib/internal/iterator.js
github.com/caolan/async/blob/master/lib/mapValuesLimit.js
github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264
github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d
github.com/caolan/async/compare/v2.6.3...v2.6.4
github.com/caolan/async/pull/1828
jsfiddle.net/oz5twjd9/
lists.fedoraproject.org/archives/list/[email protected]/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/
lists.fedoraproject.org/archives/list/[email protected]/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/
Related
ibm
ibm
nvd
nvd
CVE-2021-43138
2022-04-06 17:15:08
cvelist
cvelist
CVE-2021-43138
2022-04-06 00:00:00
debiancve
debiancve
CVE-2021-43138
2022-04-06 17:15:08
github
github
Prototype Pollution in async
2022-04-07 00:00:17
redhatcve
redhatcve
CVE-2021-43138
2022-09-13 08:13:03
osv
osv
CVE-2021-43138
2022-04-06 17:15:08
Prototype Pollution in async
2022-04-07 00:00:17
prion
prion
Design/Logic Flaw
2022-04-06 17:15:00
cve
cve
CVE-2021-43138
2022-04-06 17:15:08
openvas
openvas
Fedora: Security Advisory for yarnpkg (FEDORA-2023-ce8943223c)
2023-01-22 00:00:00
Fedora: Security Advisory for yarnpkg (FEDORA-2023-18fd476362)
2023-01-22 00:00:00
Fedora: Security Advisory for yarnpkg (FEDORA-2023-2e38c3756f)
2023-03-30 00:00:00
nessus
nessus
RHEL 9 : pcs (Unpatched Vulnerability)
2024-06-03 00:00:00
Fedora 36 : yarnpkg (2023-18fd476362)
2023-01-21 00:00:00
Fedora 37 : yarnpkg (2023-ce8943223c)
2023-01-21 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-3.fc37
2023-01-21 03:34:16
[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-3.fc36
2023-01-21 03:43:23
[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-5.fc36
2023-03-30 01:16:12
redos
redos
ROS-20240704-07
2024-07-04 00:00:00
ROS-20240403-01
2024-04-03 00:00:00
redhat
redhat