GitHub_M·CWE-1321·Published 2021-06-30
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.
### Impact

The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

### Patches

`think-helper@1.1.3` patches the issue; anyone using `think-helper` should upgrade to version `>=1.1.3`.

### References

https://cwe.mitre.org/data/definitions/1321.html

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [thinkjs/thinkjs](https://github.com/thinkjs/thinkjs)
* Email us at [i@imnerd.org](mailto:i@imnerd.org)
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | Secondary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| 3.1 | Secondary | GHSA | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |