CVE-2021-25914

CVSS 9.8 CRITICAL · EPSS 3.7% · CWE-1321
In short

A flaw in the 'object-collider' library allows attackers to pollute JavaScript object prototypes, potentially crashing applications or executing malicious code remotely.

Technical detail

Prototype pollution vulnerability in 'object-collider' versions 1.0.0–1.0.3 enables an attacker to inject properties into Object.prototype through crafted input, causing denial of service via application crash or potentially achieving remote code execution depending on the application's object handling and execution context.

Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · object-collider
