Prototype Pollution
CVE-2021-23421

5.6MEDIUM

Key Information:

Vendor: Merge-change Project
Status: Merge-change
Vendor: CVE Published:; 11 August 2021

🔔 Create Merge-change Project Vulnerability Alert

What is CVE-2021-23421?

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

merge-change 0

References

https://snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985

x_refsource_MISC

https://github.com/VladimirShestakov/merge-change/blob/99...

x_refsource_MISC

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Jan 8, 2021

Credit

Dung Le

JSON

Merge-change Project