Home > Vulnerability Database > CVE-2021-4245

Mend.io Vulnerability Database

CVE-2021-4245

Good to know:

Date: December 14, 2022

A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.

Language: TYPE_SCRIPT

Severity Score

5.5

Related Resources (7)

Url: https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096cf

Url: https://vuldb.com/?id.215883

Url: https://github.com/chbrown/rfc6902/pull/76

Url: https://github.com/chbrown/rfc6902

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4245

Url: https://github.com/chbrown/rfc6902/issues/84

Url: https://www.mend.io/vulnerability-database/CVE-2021-4245

Severity Score

5.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version rfc6902 - 5.0.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4245

Good to know:

Date: December 14, 2022

Language: TYPE_SCRIPT

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?