CVE-2021-28860

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-28860
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28860.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-28860
Aliases
Related
Published
2021-05-03T12:15:07Z
Modified
2025-01-08T10:41:53.566510Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

References

Affected packages

Git / github.com/adaltas/node-mixme

Affected ranges

Type
GIT
Repo
https://github.com/adaltas/node-mixme
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.0.1
v0.1.0
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.5
v0.4.0
v0.5.0