CVE-2021-4245
npm package rfc6902 vulnerable to Prototype Pollution
9.8
CRITICAL
CVSS 3.1
EPSS 0.65%
描述
A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.
如何修補 CVE-2021-4245
要修補 CVE-2021-4245,請將受影響套件升級到下列已修補版本。
- —升級至 5.0.0 或更新版本
CVE-2021-4245 正在被利用嗎?
低 — EPSS 為 0.7%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 5.0.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |