Описание
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.3 (исключая)
cpe:2.3:a:thinkjs:think-helper:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 44%
0.00212
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-1321
CWE-1321
Связанные уязвимости
EPSS
Процентиль: 44%
0.00212
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-1321
CWE-1321