CVE-2021-25927 - Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to

CVE-2021-25927

Summary

Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

References

https://github.com/jessie-codes/safe-flat/commit/4b9b7db976bba8c968354f4315f5f9c219b7cbf3
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25927

Vulnerable Configurations

cpe:2.3:a:safe-flat_project:safe-flat:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:safe-flat_project:safe-flat:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:safe-flat_project:safe-flat:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:safe-flat_project:safe-flat:2.0.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-08-2023 - 14:22)
Impact:
Exploitability:

CWE

CWE-1321

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

Last major update

08-08-2023 - 14:22

Published

26-04-2021 - 11:15

Last modified

08-08-2023 - 14:22