CVE-2021-3805

Опубликовано: 17 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Ссылки

https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
Patch
Third Party Advisory
https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
Mailing List
Third Party Advisory
https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
Patch
Third Party Advisory
https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:object-path_project:object-path:*:*:*:*:*:node.js:*:*

Версия до 0.11.8 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

CVE-2021-3805

CVSS3: 7.5

ubuntu

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-3805

CVSS3: 7.5

redhat

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-3805

CVSS3: 7.5

debian

больше 4 лет назад

object-path is vulnerable to Improperly Controlled Modification of Obj ...

GHSA-8v63-cqqc-6r2c

CVSS3: 7.5

github

больше 4 лет назад

Prototype Pollution in object-path

EPSS

Процентиль: 36%

0.00154

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1321