PT-2021-15489 · Lutils · Lutils
Dung Le
·
Published
2021-06-17
·
Updated
2023-08-08
·
CVE-2021-23396
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
lutils versions prior to a fixed version
Description
The issue concerns Prototype Pollution via the main (merge) function. This allows for potential manipulation of the prototype, which can lead to various security issues.
Recommendations
For all versions of lutils, update to a version that includes a fix for the Prototype Pollution issue in the main (merge) function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lutils