← back
CVE-2021-25943

CVE-2021-25943

CVSS 9.8 CRITICALEPSS 3.3%CWE-1321
In short

A flaw in the '101' library allows attackers to pollute object prototypes, which can crash the application or potentially execute malicious code remotely.

Technical detail

Prototype pollution vulnerability in '101' versions 1.0.0–1.6.3 enables attackers to modify the prototype chain of JavaScript objects through untrusted input, leading to denial of service or remote code execution depending on application context and gadget availability.

Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · 101

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/tjmehta/101/blob/d87f63ce2a4cbdc476e8287abd78327c3144d646/set.js#L52https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25943