CVE-2021-23413

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23413

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23413.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23413

Aliases

GHSA-jg8v-48h5-wgxg
SNYK-JAVA-ORGWEBJARS-1251499
SNYK-JAVA-ORGWEBJARSNPM-1251498
SNYK-JS-JSZIP-1251497

Related

UBUNTU-CVE-2021-23413

Published

2021-07-25T13:15:07Z

Modified

2024-10-12T06:59:18.013672Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g proto, toString, etc) results in a returned object with a modified prototype instance.

References

Affected packages

Debian:11 / node-jszip

Package

Name: node-jszip
Purl: pkg:deb/debian/node-jszip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-jszip

Package

Name: node-jszip
Purl: pkg:deb/debian/node-jszip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-jszip

Package

Name: node-jszip
Purl: pkg:deb/debian/node-jszip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/stuk/jszip

Affected ranges

Type: GIT
Repo: https://github.com/stuk/jszip
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22357494f424178cb416cdb7d93b26dd4f824b36

Affected versions

v1.*

v1.0.0

v1.0.1

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.4.0

v2.5.0

v2.6.0

v3.*

v3.0.0

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.4.0

v3.5.0

v3.6.0