CVE-2021-23574

Published: Dic 24, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-0557 Aliases: GHSA-c6h4-gc3f-hgjq
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0127
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability
Potential Impacts:
Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart
Applicable Platforms
Languages: JavaScript
View CWE Details
Application

Js-Data by Js-Data

Product Information
Vendor Js-Data
Product Js-Data
Version Range Affected
To 3.0.11 (exclusive)
cpe:2.3:a:js-data:js-data:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/js-data/js-data/blob/master/dist/js-data…
Broken Link Third Party Advisory
https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
https://github.com/js-data/js-data/issues/576
Issue Tracking Patch Third Party Advisory
https://github.com/js-data/js-data/issues/576
https://github.com/js-data/js-data/issues/577
Issue Tracking Patch Third Party Advisory
https://github.com/js-data/js-data/issues/577
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
https://github.com/js-data/js-data/blob/master/dist/js-data…
Broken Link Third Party Advisory
https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
https://github.com/js-data/js-data/issues/576
Issue Tracking Patch Third Party Advisory
https://github.com/js-data/js-data/issues/576
https://github.com/js-data/js-data/issues/577
Issue Tracking Patch Third Party Advisory
https://github.com/js-data/js-data/issues/577
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361