CVE-2021-32736

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32736

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32736.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32736

Aliases

GHSA-vr5m-3h59-7jcp

Related

GHSA-vr5m-3h59-7jcp

Published

2021-06-30T18:15:08Z

Modified

2025-01-08T08:05:35.561170Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.

References

https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcp

Affected packages

Git / github.com/thinkjs/think-helper

Affected ranges

Type: GIT
Repo: https://github.com/thinkjs/think-helper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a2200d5b7cb41d8abf26342c85eb4f23db4c170f

Affected versions

1.*

1.0.20

v1.*

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.2

v1.0.20

v1.0.22

v1.0.23

v1.0.3

v1.0.4

v1.0.6

v1.0.7

v1.0.8

v1.0.9