Lucene search

SnykCVELIST:CVE-2021-23370

HistoryApr 12, 2021 - 12:00 a.m.

CVE-2021-23370 Prototype Pollution

2021-04-1200:00:00

snyk

www.cve.org

package swiper

prototype pollution

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

AI Score

9.8

Confidence

High

EPSS

0.016

Percentile

87.3%

JSON

This affects the package swiper before 6.5.1.

CNA Affected

[
  {
    "product": "swiper",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "6.5.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/nolimits4web/swiper/commit/9dad2739b7474f383474773d5ab898a0c29ac178

snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1244698

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1244699

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBNOLIMITS4WEB-1244697

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244696

snyk.io/vuln/SNYK-JS-SWIPER-1088062

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

AI Score

9.8

Confidence

High

EPSS

0.016

Percentile

87.3%

JSON

Related for CVELIST:CVE-2021-23370