CVE-2021-3757

Опубликовано: 02 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Ссылки

https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237
Patch
Third Party Advisory
https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237
Patch
Third Party Advisory
https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:immer_project:immer:*:*:*:*:*:node.js:*:*

Версия до 9.0.5 (включая)

EPSS

Процентиль: 69%

0.00592

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

CVE-2021-3757

CVSS3: 7.5

redhat

больше 4 лет назад

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

GHSA-c36v-fmgq-m8hx

CVSS3: 7.5

github

больше 4 лет назад

Prototype Pollution in immer

EPSS

Процентиль: 69%

0.00592

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321