PT-2021-16879 · Unknown · Putil-Merge
Published
2021-07-14
·
Updated
2023-08-08
·
CVE-2021-25953
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
putil-merge versions 1.0.0 through 3.6.6
Description
The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability.
Recommendations
For versions 1.0.0 through 3.6.6, update to a version later than 3.6.6 to resolve the issue.
At the moment, there is no information about additional mitigation measures for this vulnerability.
Exploit
Fix
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Putil-Merge