CVE-2021-3766

Critical

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

@huntrdev·CWE-915·Published 2021-09-06

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

119 chars

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

NVDen

119 chars

objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). This issue is patched in version 2.2.16.

GHSAen

185 chars

objection.js prior to version 2.2.16 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). This issue is patched in version 2.2.16.

NVDes

135 chars

objection.js es vulnerable a una Modificación Inapropiada de los Atributos de los Prototipos de Objetos ("Contaminación de Prototipos")

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.0	Primary	cve.org	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.0	Secondary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H