GHSA-r659-8xfp-j327

Опубликовано: 07 сент. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

objection.js Prototype Pollution vulnerability

objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). This issue is patched in version 2.2.16.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2021-3766
https://github.com/Vincit/objection.js/commit/46b842a6bc897198b83f41ac85c92864b991d7e9
https://github.com/vincit/objection.js/commit/b41aab8dcd78f426f7468dcda541a7aca18a66a6
https://huntr.dev/bounties/c98e0f0e-ebf2-4072-be73-a1848ea031cc

Пакеты

Наименование

objection

npm

Затронутые версииВерсия исправления

< 2.2.16

2.2.16

EPSS

Процентиль: 58%

0.00359

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2021-3766

Дефекты

CWE-1321

CWE-915

Связанные уязвимости

CVE-2021-3766

CVSS3: 9.8

nvd

больше 4 лет назад

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

EPSS

Процентиль: 58%

0.00359

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2021-3766

Дефекты

CWE-1321

CWE-915