Exposures › CVE-2021-28860
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at ri
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
“U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog”
“Active Exploitation Alert: Critical CVE-2026-20896 Authentication Bypass in Gitea Docker Image Exposes Repositories and Secrets”
“ICS Advisories | CISA”
“Security researchers are warning organizations using Gitea act_runner with the Docker backend to review their deployments after proof-of-concept (PoC) code for CVE-2026-58053 was publicly released”
“CVE-2021-28860: In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions.”
“Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find”
“CVEs and Security Vulnerabilities - OpenCVE”
No correlated FedRAMP products.