CRITICAL✓ PATCH🇬🇧 English

CVE-2021-26707

CVSS 9.8v3.1pub. 2021-06-02upd. 2024-11-21

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Merge Deep Project Merge Deep

    APP
    Merge-Deep Project
    < 3.0.3
  • Netapp E Series Performance Analyzer

    APP
    Netapp
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-20231CRITICAL9.8ten sam produkt

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory co...

CVE-2019-13272HIGH7.8⚠ KEVten sam produkt

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials ...

CVE-2022-45061HIGH7.5ten sam produkt

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when pr...

CVE-2021-3999HIGH7.8ten sam produkt

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corrupti...

CVE-2022-31097HIGH7.3ten sam produkt

Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior ...