COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-28860

CVE-2021-28860

Severity
critical
Source
NVD · cve
Published
2021-05-03
CVSS
9.1
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-28860
⚡ RCE shame 50/100 rce

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at ri

Players implicated

adaltas · vendormixme · product

Description

In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Sentiment · trusted sources

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.