Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by proto_project
CVE-2021-23426 (GCVE-0-2021-23426)
Vulnerability from cvelistv5 – Published: 2021-09-01 14:25 – Updated: 2024-09-16 23:16
VLAI
Title
Prototype Pollution
Summary
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
Severity
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-PROTO-1316301 | x_refsource_MISC |
| https://www.npmjs.com/package/Proto | x_refsource_MISC |
Date Public
2021-09-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/Proto"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Proto",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vanshal Gaur"
}
],
"datePublic": "2021-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-01T14:25:10.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/Proto"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-09-01T14:23:25.224314Z",
"ID": "CVE-2021-23426",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proto",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vanshal Gaur"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"name": "https://www.npmjs.com/package/Proto",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/Proto"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23426",
"datePublished": "2021-09-01T14:25:10.624Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:46.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23426 (GCVE-0-2021-23426)
Vulnerability from nvd – Published: 2021-09-01 14:25 – Updated: 2024-09-16 23:16
VLAI
Title
Prototype Pollution
Summary
This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.
Severity
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-PROTO-1316301 | x_refsource_MISC |
| https://www.npmjs.com/package/Proto | x_refsource_MISC |
Date Public
2021-09-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/Proto"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Proto",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vanshal Gaur"
}
],
"datePublic": "2021-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-01T14:25:10.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/Proto"
}
],
"title": "Prototype Pollution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-09-01T14:23:25.224314Z",
"ID": "CVE-2021-23426",
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Proto",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vanshal Gaur"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-PROTO-1316301"
},
{
"name": "https://www.npmjs.com/package/Proto",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/Proto"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23426",
"datePublished": "2021-09-01T14:25:10.624Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:46.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}