{"vulnerability": "CVE-2021-2356", "sightings": [{"uuid": "ae0ae506-c22a-47d6-9d64-09753f2bc176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23568", "type": "seen", "source": "https://t.me/cibsecurity/35169", "content": "\u203c CVE-2021-23568 \u203c\n\nThe package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-10T16:21:10.000000Z"}, {"uuid": "b86c5ae0-e141-4de8-9ddd-9bab42aa43cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23566", "type": "seen", "source": "https://t.me/cibsecurity/35586", "content": "\u203c CVE-2021-23566 \u203c\n\nThe package nanoid before 3.1.31 are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-14T22:19:43.000000Z"}, {"uuid": "27c593f3-1a90-4e96-bc3d-9f4af6ae0b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23562", "type": "seen", "source": "https://t.me/cibsecurity/33340", "content": "\u203c CVE-2021-23562 \u203c\n\nThis affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-03T22:38:15.000000Z"}, {"uuid": "8a697400-9775-48e0-b521-04b953b1cc01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23562", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m4jerlxiuw2w", "content": "", "creation_timestamp": "2025-10-31T21:02:39.764217Z"}, {"uuid": "b5d5bf67-faef-43f7-b419-d9015c8e3600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23561", "type": "seen", "source": "https://t.me/cibsecurity/33765", "content": "\u203c CVE-2021-23561 \u203c\n\nAll versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-10T22:25:25.000000Z"}, {"uuid": "acc688b5-7de7-4811-af69-05851813a7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2356", "type": "seen", "source": "https://t.me/cibsecurity/26319", "content": "\u203c CVE-2021-2356 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T18:41:03.000000Z"}]}