Prototype Pollution in minimist #276
Labels
Auto Create Issues
Label for Auto Created Issues
Critical
This label for Security Severity only
do-not-autoclose
Make bot can't close an Issues or PRs
Security
Label for Security Issues
Milestone
Description
Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file
index.js
, functionsetKey()
(lines 69-95).Severity Check
Severity Number
9.8 / 10
CVSS base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-1321
CVE ID
CVE-2021-44906
GHSA ID
GHSA-xvch-5gv4-984h
Information
Package minimist (npm)
Affected versions
Patched versions
1.2.6
0.2.4
References
The text was updated successfully, but these errors were encountered: