CVE-2021-32736
Prototype Pollution in think-helper
7.5
HIGH
CVSS 3.1
EPSS 0.21%
Description
### Impact
The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

### Patches
`think-helper@1.1.3` patched it; anyone using `think-helper` should upgrade to version `>=1.1.3`.

### References
https://cwe.mitre.org/data/definitions/1321.html

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [thinkjs/thinkjs](https://github.com/thinkjs/thinkjs)
* Email us at [[email protected]](mailto:[email protected])
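The weakness class named under Impact (CWE-1321), shown as an added example that is not think-helper's source code: a recursive merge that copies attacker-chosen keys next to a variant that refuses prototype-reaching keys. The names `unsafeMerge`, `safeMerge` and `demo` are hypothetical, and the JSON payload is constructed for the demonstration.

```javascript
// Added illustration of CWE-1321. Not think-helper's code; all names are hypothetical.
const isObject = (v) => v !== null && typeof v === 'object';

// Vulnerable pattern: every key from untrusted input is followed, including "__proto__".
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      // target["__proto__"] resolves to Object.prototype, so the recursion writes there.
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: skip keys that reach the prototype chain and only
// descend into properties the target owns itself.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value) && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse creates "__proto__" as an ordinary own property.
  const payload = JSON.parse('{"__proto__": {"isAdmin": true}, "theme": "dark"}');
  const result = {};
  unsafeMerge({}, payload);
  result.unsafePolluted = ({}).isAdmin === true; // unrelated objects now inherit isAdmin
  delete Object.prototype.isAdmin;               // undo the pollution before the next check
  const merged = safeMerge({}, payload);
  result.safePolluted = ({}).isAdmin === true;
  result.safeTheme = merged.theme;               // legitimate keys are still merged
  return result;
}

console.log(demo());
```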
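How to fix CVE-2021-32736
To fix CVE-2021-32736, upgrade the affected package to the patched version listed below.
- — Upgrade to 1.1.3 or later
Is CVE-2021-32736 being exploited?
Low: EPSS is 0.2%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)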
- from 0, < 1.1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |