Prototype Pollution Vulnerability in putil-merge by WhiteSource
CVE-2021-25953

9.8CRITICAL

Key Information:

Vendor: Putil-merge Project
Status: Putil-merge
Vendor: CVE Published:; 14 July 2021

🔔 Create Putil-merge Project Vulnerability Alert

What is CVE-2021-25953?

The prototype pollution vulnerability in putil-merge affects versions 1.0.0 to 3.6.6, enabling attackers to manipulate the prototype of an object. This may lead to denial of service and potentially allow attackers to execute arbitrary code remotely, compromising the integrity and security of applications utilizing this vulnerable package.

Affected Version(s)

putil-merge 3.6.6, 3.6.5, 3.6.4, 3.6.3, 3.6.2, 3.6.1, 3.6.0, 3.5.2, 3.5.1, 3.5.0, 3.4.2, 3.4.1, 3.3.0, 3.2.0, 3.1.4, 3.1.3, 3.1.2, 3.1.1, 3.1.0, 3.0.0, 2.2.0, 2.1.0, 2.0.2, 2.0.1, 2.0.0, 1.2.0, 1.1.5, 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.2, 1.0.1, 1.0.0

References

https://www.whitesourcesoftware.com/vulnerability-databas...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
Jan 22, 2021

CVE-2021-25953 Data

JSON