Описание
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-minimist | fixed | 1.2.6+~cs5.3.2-1 | package | |
| node-minimist | fixed | 1.2.5+~cs5.3.1-2+deb11u1 | bullseye | package |
| node-minimist | fixed | 1.2.0-1+deb10u2 | buster | package |
| node-minimist | end-of-life | stretch | package |
Примечания
https://github.com/substack/minimist/issues/164
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
The initial fix for prototype pollution (cf. SNYK-JS-MINIMIST-559764) in setKey()
was insufficient.
EPSS
Процентиль: 77%
0.01134
Низкий
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 3 лет назад
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
CVSS3: 3.1
redhat
больше 3 лет назад
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
CVSS3: 9.8
nvd
больше 3 лет назад
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
EPSS
Процентиль: 77%
0.01134
Низкий