CVE-2021-25916
In short
The 'patchmerge' library has a prototype pollution flaw: an attacker can inject properties into the base object prototype that other objects inherit from, which can crash the application or potentially execute malicious code on the server.
Technical detail
Prototype pollution vulnerability in patchmerge 1.0.0-1.0.1 allows an attacker to inject properties into the Object prototype through crafted merge operations, resulting in denial of service and potential remote code execution depending on how polluted properties are used downstream.
Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
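The bug class described above, shown as an added example that is not patchmerge's source code and not part of the original advisory: a hypothetical naive recursive merge next to a hardened one. The function names, the `polluted` property and the sample input are constructed for illustration.

```javascript
// Added illustration of the bug class; NOT patchmerge's actual code.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Hypothetical naive merge: for...in visits an own "__proto__" key produced by
// JSON.parse, and target["__proto__"] resolves to Object.prototype.
function naiveMerge(target, patch) {
  for (const key in patch) {
    if (isPlainObject(patch[key]) && isPlainObject(target[key])) {
      naiveMerge(target[key], patch[key]);
    } else {
      target[key] = patch[key];
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-reaching keys dropped, and recursion
// only into properties the target itself owns (never inherited ones).
function safeMerge(target, patch) {
  for (const key of Object.keys(patch)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const owned = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(patch[key]) && owned && isPlainObject(target[key])) {
      safeMerge(target[key], patch[key]);
    } else if (isPlainObject(patch[key])) {
      target[key] = safeMerge({}, patch[key]); // copy instead of aliasing input
    } else {
      target[key] = patch[key];
    }
  }
  return target;
}

// Runs both merges on the same input and reports whether unrelated, freshly
// created objects picked up the injected property.
function compare(json) {
  naiveMerge({}, JSON.parse(json));
  const naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the constructed pollution
  const safe = safeMerge({}, JSON.parse(json));
  const safePolluted = ({}).polluted === true;
  return { naivePolluted, safePolluted, safe };
}

const SAMPLE = '{"name":"demo","__proto__":{"polluted":true}}'; // constructed input
console.log(compare(SAMPLE));
```

Building merge targets with `Object.create(null)` or freezing `Object.prototype` at startup are complementary mitigations for code that cannot control which merge helper a dependency uses.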
Affected products
n/a · patchmerge