Количество 2
Количество 2
CVE-2021-23470
This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077
GHSA-4g77-cvgw-grvw
Prototype Pollution in putil-merge
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-23470 This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 | CVSS3: 8.2 | 1% Низкий | около 4 лет назад |
| GHSA-4g77-cvgw-grvw Prototype Pollution in putil-merge | CVSS3: 8.2 | 1% Низкий | около 4 лет назад |
Уязвимостей на страницу