PT-2021-19896 · Unknown · Think-Helper

Yoshino-S

Published

2021-06-30

Updated

2022-07-22

CVE-2021-32736

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions think-helper versions prior to 1.1.3

Description The software receives input from an upstream component that specifies attributes to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Recommendations For think-helper versions prior to 1.1.3, upgrade to version 1.1.3 or later to resolve the issue.

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-915

Related Identifiers

CVE-2021-32736

GHSA-VR5M-3H59-7JCP

Affected Products

Think-Helper

PT-2021-19896 · Unknown · Think-Helper

CVE-2021-32736

Weakness Enumeration

Related Identifiers

Affected Products

References · 7