
CVE-2021-41097
Good to know:


Date: September 27, 2021
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the "aurelia-path" package to parse a string. The majority of these will be Aurelia applications that employ the "aurelia-router" package. For example, this could allow an attacker to change the prototype of the base object class "Object" by tricking an application into parsing the following URL: "https://aurelia.io/blog/?__proto__[asdf]=asdf". The problem is patched in version "1.1.7".
Language: JS
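The parsing flaw described above, as an added example that is not aurelia-path's own code: a hypothetical bracket-notation query parser (`parseQuery`, `keyPath` and `BLOCKED_KEYS` are illustrative names) run on the advisory's URL with and without a key filter. The filter and the prototype-less container are a common mitigation assumed here, not a description of the 1.1.7 patch.

```javascript
// Hypothetical bracket-notation query parser; not aurelia-path's source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Splits "a[b][c]" into ["a", "b", "c"].
function keyPath(rawKey) {
  return rawKey.split(/[\[\]]+/).filter(Boolean);
}

function parseQuery(query, { hardened }) {
  // Hardened mode uses a prototype-less container, so lookups never reach Object.prototype.
  const result = hardened ? Object.create(null) : {};
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? '' : decodeURIComponent(pair.slice(eq + 1));
    const path = keyPath(rawKey);
    // Hardened mode drops any parameter whose path touches a prototype-related key.
    if (path.length === 0 || (hardened && path.some((k) => BLOCKED_KEYS.has(k)))) continue;
    let node = result;
    for (const segment of path.slice(0, -1)) {
      // Unhardened: result["__proto__"] resolves to the shared Object.prototype here.
      if (typeof node[segment] !== 'object' || node[segment] === null) {
        node[segment] = hardened ? Object.create(null) : {};
      }
      node = node[segment];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Parses the query string of the advisory's URL in both modes and reports
// whether an unrelated, freshly created object picked up the "asdf" property.
function demo() {
  const query = new URL('https://aurelia.io/blog/?__proto__[asdf]=asdf').search;
  parseQuery(query, { hardened: false });
  const pollutedByNaive = ({}).asdf === 'asdf';
  delete Object.prototype.asdf; // restore the shared prototype before the next run
  const safe = parseQuery(query + '&page=2', { hardened: true }); // "page" is a constructed parameter
  const pollutedByHardened = ({}).asdf !== undefined;
  return { pollutedByNaive, pollutedByHardened, page: safe.page };
}
```

A regression test for the upgrade can use the same check: parse the URL through the application's router, then confirm that `({}).asdf` is still `undefined`.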
Severity Score

CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: | |