GHSA-vr5m-3h59-7jcp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vr5m-3h59-7jcp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-vr5m-3h59-7jcp/GHSA-vr5m-3h59-7jcp.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-vr5m-3h59-7jcp
- Aliases
- Related
- Published
- 2021-07-01T17:01:59Z
- Modified
- 2023-11-01T04:55:29.269906Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Prototype Pollution in think-helper
- Details
-
Impact
The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Patches
think-helper@1.1.3patched it, anyone usedthink-helpershould upgrade to>=1.1.3version.References
https://cwe.mitre.org/data/definitions/1321.html
For more information
If you have any questions or comments about this advisory: * Open an issue in thinkjs/thinkjs * Email us at i@imnerd.org
- Database specific
{ "nvd_published_at": "2021-06-30T18:15:00Z", "github_reviewed_at": "2021-06-30T17:40:38Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-1321", "CWE-915" ] }- References
Affected packages
npm / think-helper
Package
- Name
- think-helper
- View open source insights on deps.dev
- Purl
- pkg:npm/think-helper