CVE-2021-23442

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions @cookiex/deep versions prior to 0.0.7

Description The issue allows pollution of the global proto object using the proto object. This can potentially lead to unintended behavior or security issues in applications that use the @cookiex/deep package.

Recommendations For versions prior to 0.0.7, update to version 0.0.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the proto object in your application to minimize the risk of exploitation.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-915

Related Identifiers

CVE-2021-23442

GHSA-92V9-XH2Q-FQ9F

SNYK-JS-COOKIEXDEEP-1582793

Affected Products

@Cookiex/Deep

CVE-2021-23442

Weakness Enumeration

Related Identifiers

Affected Products

References · 9