CVE-2021-25928


CVSS 9.8 CRITICAL · EPSS 3.3% · CWE-1321

In short

A flaw in the 'safe-obj' library allows attackers to inject malicious properties into JavaScript objects through specially crafted input, potentially crashing the application or executing unauthorized code.

Technical detail

Prototype pollution vulnerability in 'safe-obj' (v1.0.0–1.0.2) enables an attacker to pollute the Object prototype via untrusted input, leading to denial of service through application crash and potential remote code execution depending on downstream usage of affected objects.

Summary generated and translated by AI from the official description.

Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · safe-obj
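
The weakness class named above (CWE-1321), as an added JavaScript example that is not safe-obj's code and not part of the original advisory: a hypothetical nested path setter that writes through `__proto__`, beside a guarded form. The function names (`setPathUnsafe`, `setPathSafe`, `demo`) and the dotted-path input format are assumptions for illustration.

```javascript
// Added illustration of CWE-1321. Hypothetical helpers, not safe-obj's source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Vulnerable pattern: walks a dotted path from untrusted input and follows
// inherited properties, so "__proto__" resolves to Object.prototype.
function setPathUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Guarded form: rejects prototype-related keys and only descends into
// own properties, creating a fresh object otherwise.
function setPathSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((key) => BLOCKED_KEYS.has(key))) {
    throw new TypeError('prototype-related key rejected: ' + path);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const child = hasOwn(node, key) ? node[key] : undefined;
    if (typeof child !== 'object' || child === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Runs both setters on a constructed path and reports the effect on Object.prototype.
function demo() {
  const path = '__proto__.polluted'; // constructed sample input
  setPathUnsafe({}, path, true);
  const unsafePolluted = ({}).polluted === true; // every object now inherits it
  delete Object.prototype.polluted; // restore global state
  let safeRejected = false;
  try { setPathSafe({}, path, true); } catch (err) { safeRejected = err instanceof TypeError; }
  const cleanAfterSafe = !('polluted' in {});
  return { unsafePolluted, safeRejected, cleanAfterSafe };
}
```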
