CVE-2021-25941
In short
A flaw in the 'deep-override' library allows attackers to pollute JavaScript object prototypes, causing the application to crash or potentially execute malicious code. This happens when the library unsafely processes user input without proper validation.
Technical detail
Prototype pollution vulnerability in 'deep-override' (versions 1.0.0–1.0.1) enables attackers to inject malicious properties into Object.prototype through crafted input, resulting in denial of service via application crash or potential remote code execution depending on downstream usage. The attack requires no authentication and can be triggered through any input vector processed by the vulnerable library function.
Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
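The pattern behind this class of bug, as an added example that is neither the deep-override source nor code from this page: a generic recursive merge that follows every key, next to a hardened merge that skips `__proto__`, `constructor` and `prototype`. The function names and the sample input are constructed for illustration.

```javascript
// Added illustration: generic merge functions, not the deep-override source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Unsafe pattern: follows every key, so an own "__proto__" key in the
// source makes the recursion descend into Object.prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: skip prototype-related keys and only recurse into
// properties the target itself owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (!isPlainObject(src)) {
      target[key] = src;
    } else if (hasOwn(target, key) && isPlainObject(target[key])) {
      safeMerge(target[key], src);
    } else {
      target[key] = safeMerge({}, src); // filtered copy, never a raw reference
    }
  }
  return target;
}

// Runs both merges on the same constructed input and reports whether
// Object.prototype gained a property (removed again before returning).
function compareMerges() {
  const input = JSON.parse( // constructed sample input
    '{"theme":{"dark":true},"__proto__":{"polluted":true}}');
  naiveMerge({ theme: {} }, input);
  const naivePolluted = ({}).polluted === true;
  delete Object.prototype.polluted;
  const merged = safeMerge({ theme: {} }, input);
  const safePolluted = ({}).polluted === true;
  return { naivePolluted, safePolluted, merged };
}
```

The same key filter applies to any code path that copies parsed JSON into existing objects, not only to merge helpers.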
Affected products
n/a · deep-override