← voltar
CVE-2021-4278

cronvel tree-kit prototype pollution

CVSS 5.5 MEDIUMEPSS 0.4%CWE-1321
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
25 dez 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
cronvel · tree-kit

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/cronvel/tree-kit/commit/a63f559c50d70e8cb2eaae670dec25d1dbc4afcdhttps://github.com/cronvel/tree-kit/releases/tag/v0.7.0https://vuldb.com/?ctiid.216765https://vuldb.com/?id.216765