Lucene search
SnykCVELIST:CVE-2021-23328HistoryJan 29, 2021 - 4:15 p.m.
CVE-2021-23328 Prototype Pollution
2021-01-2916:15:18
snyk
www.cve.org
1
vulnerability
iniparserjs
user input
arrays
overwrite
prototype pollution
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
EPSS
0.001
Percentile
45.7%
This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CNA Affected
[
{
"product": "iniparserjs",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Prototype Pollution
2021-02-01 03:58:33
prion
prion
Design/Logic Flaw
2021-01-29 17:15:00
cve
cve
CVE-2021-23328
2021-01-29 17:15:12
osv
osv
Prototype Pollution in iniparserjs
2021-04-13 15:20:09
github
github
Prototype Pollution in iniparserjs
2021-04-13 15:20:09
nvd
nvd
CVE-2021-23328
2021-01-29 17:15:12
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
EPSS
0.001
Percentile
45.7%
Related for CVELIST:CVE-2021-23328