exploitDog

CVE-2021-23568

Опубликовано: 10 янв. 2022

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.

Ссылки

https://github.com/eggjs/extend2/blob/master/index.js%23L50-L60
Broken Link
https://github.com/eggjs/extend2/commit/aa332a59116c8398976434b57ea477c6823054f8
Patch
Third Party Advisory
https://github.com/eggjs/extend2/pull/2
Issue Tracking
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-EXTEND2-2320315
Exploit
Third Party Advisory
https://github.com/eggjs/extend2/blob/master/index.js%23L50-L60
Broken Link
https://github.com/eggjs/extend2/commit/aa332a59116c8398976434b57ea477c6823054f8
Patch
Third Party Advisory
https://github.com/eggjs/extend2/pull/2
Issue Tracking
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-EXTEND2-2320315
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eggjs:extend2:*:*:*:*:*:node.js:*:*

Версия до 1.0.1 (исключая)

EPSS

Процентиль: 65%

0.00502

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-gjm5-83cw-p3p2

CVSS3: 7.3

github

около 4 лет назад

Prototype Pollution in extend2

EPSS

Процентиль: 65%

0.00502

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321