Fix CVE–2021–44906#27

Open

debricked[bot] wants to merge 1 commit intomainfrom

debricked-fix-CVE_2021_44906-e6b6c01af24afd80

debricked bot commented May 14, 2022

CVE–2021–44906

Vulnerable dependency: minimist (npm) 1.2.5 0.0.8 1.2.0 0.0.10

Vulnerability details

Description

NVD

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

GitHub

Prototype Pollution in minimist

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

CVSS details -

9.8

CVSS3 metrics
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity	High
Availability	High

References

    Prototype Pollution in minimist · CVE-2021-44906 · GitHub Advisory Database · GitHub
    THIRD PARTY
    insufficient fix for prototype pollution in setKey() CVE-2021-44906 · Issue #164 · substack/minimist · GitHub
    minimist/index.js at master · substack/minimist · GitHub
    javascript - Adding custom properties to a function - Stack Overflow
    JavaScript-vulnerability-detection/minimist PoC.zip at main · Marynk/JavaScript-vulnerability-detection · GitHub
    don't assign onto proto · substack/minimist@63e7ed0 · GitHub
    even more aggressive checks for protocol pollution · substack/minimist@38a4d1c · GitHub

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE


          Fix CVE–2021–44906

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet