-
-
Notifications
You must be signed in to change notification settings - Fork 193
Expand file tree
/
Copy pathsnip.html
More file actions
17 lines (17 loc) · 755 Bytes
/
snip.html
File metadata and controls
17 lines (17 loc) · 755 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<p><strong>Prototype Pollution</strong></p>
<p>All versions of lodash versions before 4.17.21 are vulnerable to Prototype pollution via the toObject converter. This
allows attackers to inject arbitrary properties on Object.prototype which may lead to Denial of Service or Remote
Code Execution in specific circumstances.</p>
<p><strong>CVE ID(s):</strong> <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23337">CVE-2021-23337</a></p>
<p><strong>CWE ID(s):</strong> CWE-1321</p>
<p><strong>CVSS:</strong> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</p>
<p><strong>Suggested Fix:</strong> app@1.0.0 → lodash@4.17.21</p>
</body>
</html>