GHSA-8v63-cqqc-6r2c

Опубликовано: 20 сент. 2021

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Prototype Pollution in object-path

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). The del() function fails to validate which Object properties it deletes. This allows attackers to modify the prototype of Object, causing the modification of default properties like toString on all objects.

Ссылки

Пакеты

Наименование

object-path

npm

Затронутые версииВерсия исправления

< 0.11.8

0.11.8

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-3805

Дефекты

CWE-1321

CWE-915

Связанные уязвимости

CVE-2021-3805

CVSS3: 7.5

ubuntu

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-3805

CVSS3: 7.5

redhat

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-3805

CVSS3: 7.5

nvd

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-3805

CVSS3: 7.5

debian

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Obj ...

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-3805

Дефекты

CWE-1321

CWE-915