exploitDog

CVE-2021-3645

Опубликовано: 10 сент. 2021

Источник: nvd

CVSS3: 6.8

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Ссылки

https://github.com/viking04/merge/commit/baba40332080b38b33840d2614df6d4142dedaf6
Patch
Third Party Advisory
https://huntr.dev/bounties/ef387a9e-ca3c-4c21-80e3-d34a6a896262
Exploit
Third Party Advisory
https://github.com/viking04/merge/commit/baba40332080b38b33840d2614df6d4142dedaf6
Patch
Third Party Advisory
https://huntr.dev/bounties/ef387a9e-ca3c-4c21-80e3-d34a6a896262
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:merge_project:merge:*:*:*:*:*:node.js:*:*

Версия до 1.0.2 (исключая)

EPSS

Процентиль: 63%

0.00453

Низкий

6.8 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

CWE-1321

Связанные уязвимости

GHSA-cqqh-49mx-fq63

CVSS3: 9.8

github

больше 4 лет назад

merge vulnerable to Prototype Pollution

EPSS

Процентиль: 63%

0.00453

Низкий

6.8 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

CWE-1321