CVE-2021-25914
Vexday Risk Score
28 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8 · EPSS 3.7% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
01 Mar 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In short
A flaw in the 'object-collider' library allows attackers to pollute JavaScript object prototypes, potentially crashing applications or executing malicious code remotely.
Technical detail
Prototype pollution vulnerability in 'object-collider' versions 1.0.0–1.0.3 enables an attacker to inject properties into Object.prototype through crafted input, causing denial of service via application crash or potentially achieving remote code execution depending on the application's object handling and execution context.
Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · object-collider