PT-2021-21941 · Npm+2 · Object-Path+2

Published: 2021-09-17 · Updated: 2023-03-22 · CVE-2021-3805

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: object-path (affected versions not specified)
Description: The issue is related to Improperly Controlled Modification of Object Prototype Attributes, also known as 'Prototype Pollution'. This occurs because the del() function does not properly validate which Object properties it deletes, allowing attackers to modify the prototype of Object. As a result, default properties like toString on all objects can be modified.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
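
The class of flaw in the Description, shown beside a hardened form, as an added JavaScript example that is not object-path's code and not part of this advisory. `naiveDel`, `safeDel` and `makeVictim` are hypothetical helpers, and the sample object uses a constructed sacrificial prototype so the global `Object.prototype` is never modified.

```javascript
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) =>
  o !== null && typeof o === 'object' && Object.prototype.hasOwnProperty.call(o, k);
const toKeys = (p) => (Array.isArray(p) ? p.map(String) : String(p).split('.'));

// Vulnerable pattern (hypothetical helper, not object-path's source):
// walks any key, inherited ones included, then deletes the last one.
function naiveDel(obj, path) {
  const keys = toKeys(path);
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    cur = cur[keys[i]];
    if (cur === null || cur === undefined) return false;
  }
  return delete cur[keys[keys.length - 1]];
}

// Hardened form: rejects prototype-related keys and only follows own properties.
function safeDel(obj, path) {
  const keys = toKeys(path);
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new TypeError('path contains a prototype-related key');
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    if (!hasOwn(cur, keys[i])) return false;
    cur = cur[keys[i]];
  }
  const last = keys[keys.length - 1];
  return hasOwn(cur, last) ? delete cur[last] : false;
}

// Constructed sample: a sacrificial prototype, so Object.prototype is untouched.
function makeVictim() {
  const proto = { describe() { return 'shared'; } };
  const obj = Object.assign(Object.create(proto), { settings: { theme: 'dark' } });
  return { proto, obj };
}
function demo() {
  const a = makeVictim();
  naiveDel(a.obj, '__proto__.describe'); // method disappears for every heir of proto
  const b = makeVictim();
  let rejected = false;
  try { safeDel(b.obj, '__proto__.describe'); } catch (e) { rejected = e instanceof TypeError; }
  return {
    naiveRemovedShared: a.proto.describe === undefined,
    safeRejected: rejected && typeof b.proto.describe === 'function',
    ownDeleted: safeDel(b.obj, 'settings.theme') && !('theme' in b.obj.settings),
  };
}
```

The own-property check also covers inherited names that are not on the blocklist: `safeDel({ a: 1 }, 'toString')` returns `false` without touching anything.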

Exploit

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2021-3805
DLA-3291-1
GHSA-8V63-CQQC-6R2C
USN-5967-1

Affected Products

Linuxmint
Ubuntu
Object-Path