CVE-2021-3766 – objection

Package

Manager: npm
Name: objection
Vulnerable Version: >=0 <=2.2.15 || =3.0.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00359 pctl0.57402

Details

objection.js Prototype Pollution vulnerability objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). This issue is patched in version 2.2.16.

Metadata

Created: 2021-09-07T23:09:43Z
Modified: 2023-09-07T18:40:01Z
Source: MANUAL
CWE IDs: ["CWE-1321", "CWE-915"]
Alternative ID: GHSA-r659-8xfp-j327
Finding: F390
Auto approve: 1