CVE-2022-21213

Опубликовано: 17 июн. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. Note: This vulnerability derives from an incomplete fix of CVE-2020-7792.

Ссылки

https://github.com/mout/mout/blob/master/src/object/deepFillIn.js
Exploit
Third Party Advisory
https://github.com/mout/mout/blob/master/src/object/deepMixIn.js
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-MOUT-2342654
Exploit
Third Party Advisory
https://github.com/mout/mout/blob/master/src/object/deepFillIn.js
Exploit
Third Party Advisory
https://github.com/mout/mout/blob/master/src/object/deepMixIn.js
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-MOUT-2342654
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:moutjs:mout:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 81%

0.01484

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-vvv8-xw5f-3f88