CVE-2021-25915
In short
A flaw in the 'changeset' library allows attackers to pollute JavaScript object prototypes, potentially crashing the application or executing malicious code. The cause is improper handling of object properties in versions 0.0.1 through 0.2.5.
Technical detail
Prototype pollution vulnerability in changeset (versions 0.0.1–0.2.5) enables attackers to inject properties into Object.prototype through unsanitized input, resulting in denial of service via application crash or potentially remote code execution depending on downstream usage of polluted objects.
Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
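One way to guard against the unsanitized-input path described above is to validate key paths before any change is applied. This is an added example, not code from the changeset project; the change-record shape ({type, key, value}) and the names safeApply and findUnsafeSegment are assumptions made for illustration.

```javascript
// Added example: the {type, key, value} record shape is an assumed format,
// not taken from the changeset code base.
const UNSAFE_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Returns the first unsafe segment in a key path, or null if the path is safe.
function findUnsafeSegment(keyPath) {
  if (!Array.isArray(keyPath) || keyPath.length === 0) return '<invalid path>';
  for (const seg of keyPath) {
    if (UNSAFE_SEGMENTS.has(String(seg))) return String(seg);
  }
  return null;
}

// Applies put/del changes to target, refusing any path that could reach a prototype.
function safeApply(changes, target) {
  for (const change of changes) {
    const bad = findUnsafeSegment(change.key);
    if (bad !== null) {
      throw new Error(`rejected change: unsafe key segment ${bad}`);
    }
    let node = target;
    for (const seg of change.key.slice(0, -1)) {
      // Descend only through own properties; new containers have no prototype.
      if (!Object.prototype.hasOwnProperty.call(node, seg) ||
          node[seg] === null || typeof node[seg] !== 'object') {
        node[seg] = Object.create(null);
      }
      node = node[seg];
    }
    const last = change.key[change.key.length - 1];
    if (change.type === 'put') node[last] = change.value;
    else if (change.type === 'del') delete node[last];
    else throw new Error(`unknown change type ${change.type}`);
  }
  return target;
}

// Constructed sample input: one benign change and one aimed at Object.prototype.
const benign = [{ type: 'put', key: ['user', 'name'], value: 'alice' }];
const hostile = [{ type: 'put', key: ['__proto__', 'isAdmin'], value: true }];
```

The deny-list is checked on every segment, so a path that reaches the prototype through `constructor` is rejected as well as one using `__proto__`.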
Affected products
n/a · changeset