Home > Vulnerability Database > WS-2021-0204

Mend.io Vulnerability Database

WS-2021-0204

Good to know:

Date: November 3, 2024

An issue was found in the "think-config" NPM package before v1.1.3 . The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Language: JS

Severity Score

7.5

Related Resources (4)

Url: https://github.com/thinkjs/think-config/security/advisories/GHSA-6cj2-92m5-7mvp

Url: https://github.com/thinkjs/think-config

Url: https://github.com/thinkjs/think-config/commit/31b82468d72f2e1456a27a4827cea378196db6db

Url: https://www.mend.io/vulnerability-database/WS-2021-0204

Severity Score

7.5

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version think-config - 1.1.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0204

Good to know:

Date: November 3, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?