CVE-2023-26133 – progressbar.js

Package

Manager: npm
Name: progressbar.js
Vulnerable Version: >=0 <1.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00061 pctl0.19262

Details

progressbar.js vulnerable to Prototype Pollution All versions of the package progressbar.js prior to 1.1.1 are vulnerable to Prototype Pollution via the function extend() in the file utils.js.

Metadata

Created: 2023-06-12T06:30:17Z
Modified: 2023-10-09T20:17:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-89qm-hm2x-mxm3/GHSA-89qm-hm2x-mxm3.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-89qm-hm2x-mxm3
Finding: F390
Auto approve: 1