CVE-2021-23426 – proto

Package

Manager: npm
Name: proto
Vulnerable Version: >=0 <=1.1.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00263 pctl0.4947

Details

Prototype Pollution in Proto This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

Metadata

Created: 2021-09-02T22:01:01Z
Modified: 2021-09-10T17:08:40Z
Source: MANUAL
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-58g2-9fqr-36q2
Finding: F390
Auto approve: 1