Home > Vulnerability Database > CVE-2021-44906

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2021-44906

Good to know:

Date: March 17, 2022

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Language: JS

Severity Score

9.8

Related Resources (17)

Url: https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068

Url: https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb

Url: https://access.redhat.com/security/cve/CVE-2021-44906

Url: https://github.com/minimistjs/minimist/pull/24

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Url: https://github.com/substack/minimist/issues/164

Url: https://github.com/minimistjs/minimist/commits/v0.2.4

Url: https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d

Url: https://github.com/substack/minimist

Url: https://github.com/substack/minimist/blob/master/index.js#L69

Url: https://security.netapp.com/advisory/ntap-20240621-0006

Url: https://github.com/minimistjs/minimist/issues/11

Url: https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703

Url: https://security.netapp.com/advisory/ntap-20240621-0006/

Url: https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip

Url: https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11

Url: https://www.mend.io/vulnerability-database/CVE-2021-44906

Severity Score

9.8

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version minimist - 1.2.6;minimist - 0.2.4

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-44906

Good to know:

Date: March 17, 2022

Language: JS

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?