CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 5CVE-2021-44906 – minimist: prototype pollution
https://notcve.org/view.php?id=CVE-2021-44906
17 Mar 2022 — Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). Minimist versiones anteriores a 1.2.5 incluyéndola, es vulnerable a una Contaminación de Prototipos por medio del archivo index.js, función setKey() (líneas 69-95) An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype p... • https://github.com/nevermoe/CVE-2021-44906 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-7598 – nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
https://notcve.org/view.php?id=CVE-2020-7598
11 Mar 2020 — minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. minimist versiones anteriores a la versión 1.2.2, podría ser engañado para agregar o modificar propiedades de Object.prototype usando una carga útil de "constructor" o "__proto__". A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "__proto__" payload. The highest threat from th... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html • CWE-20: Improper Input Validation CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •