Vulnerability Details : CVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Products affected by CVE-2021-44906
- cpe:2.3:a:substack:minimist:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-44906
- 2.26%: Probability of exploitation activity in the next 30 days
- ~89%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-44906
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2021-44906
- The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-44906
- https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
  javascript - Adding custom properties to a function - Stack Overflow (Issue Tracking; Third Party Advisory)
- https://github.com/substack/minimist/blob/master/index.js#L69
  minimist/index.js at master · substack/minimist · GitHub (Exploit; Third Party Advisory)
- https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
  JavaScript-vulnerability-detection/minimist PoC.zip at main · Marynk/JavaScript-vulnerability-detection · GitHub (Exploit; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20240621-0006/
  February 2024 IBM Cognos Analytics Vulnerabilities in NetApp Products | NetApp Product Security
- https://github.com/substack/minimist/issues/164
  insufficient fix for prototype pollution in setKey() CVE-2021-44906 · Issue #164 · substack/minimist · GitHub (Exploit; Issue Tracking; Patch; Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
  Prototype Pollution in minimist | Snyk (Exploit; Not Applicable; Patch; Third Party Advisory)