CVE-2023-26113
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-26113
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26113.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-26113
- Aliases
- Published
- 2023-03-18T05:15:52.937Z
- Modified
- 2025-11-15T06:20:55.080433Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js.
- References
-
- https://github.com/kobezzza/Collection/blob/be32c48e68f49d3be48a58e929d1ab8ff1d2d19c/dist/node/iterators/extend.js%23L324
- https://github.com/kobezzza/Collection/issues/27
- https://github.com/kobezzza/Collection/releases/tag/v6.8.1
- https://security.snyk.io/vuln/SNYK-JS-COLLECTIONJS-3185148
- https://github.com/kobezzza/Collection/commit/d3d937645f62f37d3115d6aa90bb510fd856e6a2
Affected packages
Git / github.com/kobezzza/collection
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kobezzza/collection
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
v6.*
v6.0.8
v6.0.9
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.3.10
v6.3.11
v6.3.12
v6.3.13
v6.3.14
v6.3.15
v6.3.16
v6.3.17
v6.3.18
v6.3.19
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.3.9
v6.4.0
v6.5.0
v6.6.0
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7.0
v6.7.1
v6.7.10
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9