CVE-2021-23574

Sažetak

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
https://github.com/js-data/js-data/issues/576
https://github.com/js-data/js-data/issues/577

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-01-2022 - 17:09

Objavljeno

24-12-2021 - 20:15