In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
References
Link | Resource |
---|---|
http://nodejs.com | Third Party Advisory URL Repurposed |
https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028 | Patch Third Party Advisory |
https://github.com/adaltas/node-mixme/issues/1 | Issue Tracking Third Party Advisory |
https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210618-0005/ | Third Party Advisory |
https://www.npmjs.com/~david | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-03T11:48:33
Updated: 2021-06-18T09:06:10
Reserved: 2021-03-19T00:00:00
Link: CVE-2021-28860
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-03T12:15:07.467
Modified: 2024-02-14T01:17:43.863
Link: CVE-2021-28860
JSON object: View
Redhat Information
No data.
CWE