CVE-2021-42581

Опубликовано: 10 мая 2022

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "proto") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes

Ссылки

https://github.com/ramda/ramda/pull/3192
Issue Tracking
Patch
Third Party Advisory
https://jsfiddle.net/3pomzw5g/2/
Exploit
Third Party Advisory
https://github.com/ramda/ramda/pull/3192
Issue Tracking
Patch
Third Party Advisory
https://jsfiddle.net/3pomzw5g/2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ramdajs:ramda:*:*:*:*:*:*:*:*

Версия до 0.27.0 (включая)

EPSS

Процентиль: 38%

0.00165

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

CVE-2021-42581

CVSS3: 9.1

redhat

больше 3 лет назад

Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes

CVE-2021-42581

CVSS3: 9.1

debian

больше 3 лет назад

Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earl ...

GHSA-x9wq-pxpv-8p4v

github

больше 3 лет назад

EPSS

Процентиль: 38%

0.00165

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-1321